WordPress membership plugin bug exploited to create admin accounts

Summary

A critical vulnerability in the User Registration & Membership plugin for WordPress is being actively exploited by hackers. This flaw allows attackers to create administrator accounts on affected websites, potentially leading to full site compromise.

IFF Assessment

FOE

The active exploitation of a critical vulnerability that grants attackers administrative privileges is bad news for website defenders.

Severity

9.8 Critical (AI Estimated)

Defender Context

This exploitation highlights the critical need for timely patching and monitoring of WordPress plugins, especially those that handle user management. Defenders should prioritize identifying and updating the User Registration & Membership plugin and similar components to prevent unauthorized administrative access.
