Today it was announced that “critical and severe vulnerabilities” affecting a WordPress community building plugin called Ultimate Member were patched. The vulnerability is easy to exploit and gives the attacker administrator-level access, meaning they can do whatever they want to the site.
This is how Wordfence describes the seriousness of this exploit:
“This vulnerability is considered very critical as it makes it possible for originally unauthenticated users to easily escalate their privileges to those of an administrator. Once an attacker has administrative access to a WordPress site, they have effectively taken over the entire site and can perform any action, from taking the site offline to further infecting the site with malware.”
Ultimate Member WordPress Plugin
The Ultimate Member WordPress plugin is a form of community building plugin that allows a WordPress publisher to allow readers to become members who can receive various levels of access as well as interact with each other socially.
It’s a solution that can also be used to restrict access to the content to registered users only and to grant various levels of membership privileges, like publishing to the site.
Ultimate Member Vulnerability
There are three exploitable vectors in the plugin, and all three are privilege escalation exploits. A privilege escalation exploit is one that allows an attacker to increase their user privileges.
For example, if someone is registered with a site as a subscriber they can do things like read articles and comment on them.
But with an exploit they can elevate their site privileges from subscriber to administrator level and thus grant themselves the ability to do whatever they want with the site.
An authenticated privilege escalation exploit requires the attacker to already have some kind of authenticated account on the site, like a subscriber role.
With an Unauthenticated Privilege Escalation exploit, a person doesn’t even have to be a registered user.
The exploits affecting the Ultimate Member plugin involve two unauthenticated exploits and one authenticated exploit.
The Authenticated Privilege Escalation exploit allows a registered user to upgrade their privileges.
The Unauthenticated Privilege Escalation exploit allows an attacker to use the registration form as an attack vector.
These exploits are serious, rated critical and severe.
Here’s how Wordfence describes it:
“…this vulnerability is considered critical as it allows originally unauthenticated users to escalate their privileges with some conditions. Once an attacker has elevated access to a WordPress site, they can potentially take over the entire site and further infect the site with malware.”
It is recommended that users update immediately to Ultimate Member WordPress plugin version 2.1.12. That version contains the patch that fixes the vulnerability.
Critical Privilege Escalation Vulnerabilities Affect 100K Sites Using Ultimate Member Plugin