Categories: Security, WordPress

Reblog: Hacking Campaign Actively Exploiting Ultimate Member Plugin

Some of my behind-the-scenes work at Automattic was featured in a WPScan blog post and disclosure.

While auditing logs across Automattic’s platforms, we identified an attack campaign leveraging vulnerabilities in the Ultimate Member plugin. The plugin’s developers attempted to fix the issue in version 2.6.4, but one of our security researchers identified that the vulnerability was still present — even after additional attempts to patch it in versions 2.6.5 and 2.6.6.

At the time of this post, the plugin is still vulnerable to unauthenticated privilege escalation — allowing an attacker to register as an administrator.

Read more, including indicators of compromise, at https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

While you’re on WPScan or Jetpack.com, you might find other articles about some of my random work — such as the School Management plugin backdoor disclosure and the Fake Plugin Wave Affecting WordPress Sites post.

Categories: Investigations, Security, WordPress

Reblog: Fake plugin wave affecting WordPress sites

Bad actors are abusing leaked and compromised credentials to install the fake core-stab plugin and other items on WordPress sites.


Some of my behind-the-scenes work at Automattic was featured in a recent Jetpack & WPScan blog post.

The WPScan version of the post includes more detail about the malware and its indicators, as well as YARA and ModSecurity rules.

Read more on Jetpack.com and WPScan.com.

While you’re on Jetpack.com, you might find other articles about some of my random work — such as the School Management plugin backdoor disclosure.