
WordPress plugin lets users become admins – Patch early, patch often! – Naked Security

Make sure to update the Ultimate Member plugin on your WordPress site to the latest version (2.6.7), as it patches a serious security vulnerability. The vulnerability (CVE-2023-3460) allows an unauthorized attacker to register as an administrator and gain full control of the website. The issue stems from the plugin’s registration form, which allows certain values to be changed, including the user’s role on the website. Although the plugin doesn’t offer an option to change this value, the restriction can be easily bypassed, so users can edit their own roles and become admins without the backend software detecting or blocking it.

The Ultimate Member plugin is designed to make user access on WordPress sites easy, letting visitors sign up and become members with little friction. However, its security measures seem to be lacking. The plugin’s developers have been working on fixing this vulnerability since version 2.6.3, with subsequent versions partially addressing the issue, and they are collaborating with the WPScan team to get the best results. Users are strongly advised to update their sites to version 2.6.6 and to keep watching for future security releases. The developers are still working on the remaining issue and will release a further update soon.

As with the Log4Shell vulnerability, some programming bugs need more than one patch. If a bug is not a single typo but comes from an assumption or mistake repeated throughout the code, extensive bug-hunting is needed. In the case of Log4J, attackers hunted for related coding mistakes before the developers could fix them. The MOVEit command injection vulnerability went through a similar cycle, with Progress Software releasing multiple patches as related bugs were found. In the case of Ultimate Member, however, the developers did not explicitly advise users to stop using the plugin while the vulnerability was being patched, unlike the responsible approach taken by the makers of MOVEit.

If you use Ultimate Member, patch the plugin immediately. Given the incremental nature of the fixes, stay vigilant for further updates and apply them promptly. Server-side programmers should never rely solely on client-side code to keep input data safe: validate every input on the server and assume the worst case. Also, when a bug is reported, search the whole project for related issues, because the same coding error may be duplicated elsewhere, by the same or other developers.
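As an added illustration of that advice (example code, not the plugin’s or the article’s own): a registration handler that merely strips a deny-list of forbidden field names still lets through any name it did not anticipate, whereas an allow-list keeps only the fields the form defines and sets the role on the server. The field names and the sample submission are constructed for the example.

```php
<?php
// Added example: deny-list filtering of registration fields (fragile) beside
// allow-list validation (robust). Field names and the submission are constructed.

// Vulnerable pattern: accept every submitted field except a few known names.
function filter_fields_denylist(array $submitted): array {
    $forbidden = ['role', 'user_role'];
    $kept = [];
    foreach ($submitted as $name => $value) {
        if (!in_array($name, $forbidden, true)) {
            $kept[$name] = $value;   // anything not on the list passes through
        }
    }
    return $kept;
}

// Hardened pattern: keep only the fields the form defines, validate each one,
// and decide the role on the server regardless of what was submitted.
function build_new_user(array $submitted): array {
    $allowed = ['username', 'email', 'password', 'display_name'];
    $user = [];
    foreach ($allowed as $name) {
        if (!array_key_exists($name, $submitted) || !is_string($submitted[$name])) {
            throw new InvalidArgumentException("missing or invalid field: $name");
        }
        $user[$name] = trim($submitted[$name]);
    }
    if (!preg_match('/^[a-z0-9_]{3,32}$/i', $user['username'])) {
        throw new InvalidArgumentException('bad username');
    }
    if (filter_var($user['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('bad email');
    }
    $user['role'] = 'subscriber';   // fixed here, never taken from the request
    return $user;
}

// Constructed submission: a normal sign-up plus a field the form never defined.
$submission = [
    'username'     => 'alice',
    'email'        => 'alice@example.com',
    'password'     => 'correct horse battery staple',
    'display_name' => 'Alice',
    'account_role' => 'administrator',   // a name the deny-list did not anticipate
];

$kept = filter_fields_denylist($submission);
echo isset($kept['account_role']) ? "deny-list: extra field kept\n" : "deny-list: extra field dropped\n";
$user = build_new_user($submission);
echo "allow-list: role is {$user['role']}\n";
```

Run with `php example.php`; the deny-list version passes the unexpected field on to whatever stores the user, while the allow-list version never sees it.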

Key Points:
1. Update the Ultimate Member plugin to the latest version (2.6.7) to patch a critical security vulnerability.
2. The vulnerability allows unauthorized attackers to register as administrators and take control of the website.
3. The issue lies in the plugin’s registration form, which can be manipulated to change user roles.
4. The developers have been working on fixing the vulnerability since version 2.6.3 and advise users to update to version 2.6.6.
5. Server-side programmers should not rely solely on client-side code and should validate inputs; search broadly for related issues when bugs are reported.
