Attackers are mass-creating admin accounts on thousands of websites.
Critical Vulnerability · Active Exploitation in User Registration & Membership for WordPress.
We are seeing a massive wave of automated attacks targeting the User Registration & Membership plugin for WordPress. This critical flaw allows unauthenticated attackers to create new administrator accounts, effectively granting them full control over the affected site.
Over 60,000 sites are currently at risk. Attackers are leveraging this access to inject malicious scripts, redirect traffic, and exfiltrate user data. Because the exploit requires zero credentials, it is a prime target for high-scale automated botnets.
The uncomfortable truth: A single unpatched plugin on your corporate site can turn your public digital presence into a launching pad for further malware distribution.
✅ Update the User Registration & Membership plugin to version 3.2.1 or higher immediately.
✅ Audit your WordPress user list for any unauthorized accounts with ‘Administrator’ roles.
✅ Implement a Web Application Firewall (WAF) to block unauthorized registration requests.
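As an added example (not part of the original post, and not tooling from the plugin or WordPress), a small Python triage script for the audit step: it takes the CSV that WP-CLI prints for `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=csv` and flags every administrator login that is not in a baseline the site owner recognises, or that was registered at or after an assumed cutoff date. The sample CSV, the baseline set and the cutoff are constructed for the example.

```python
import csv
import io
from datetime import datetime

# Constructed sample of what `wp user list --role=administrator \
#   --fields=ID,user_login,user_email,user_registered --format=csv` prints.
SAMPLE_CSV = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2021-03-14 09:12:44
7,webmaster,web@example.com,2022-11-02 16:05:10
842,xg7admin,qk2@mailinator.example,2025-01-19 03:41:27
843,support_wp,sp@mailinator.example,2025-01-19 03:41:29
"""

# Assumed baseline: administrator logins the site owner knows and expects.
KNOWN_ADMINS = {"siteowner", "webmaster"}

# Assumed cutoff: anything registered at or after this date is "recent".
CUTOFF = datetime(2025, 1, 1)


def parse_admin_csv(text):
    """Parse WP-CLI CSV output into dicts, converting the timestamp."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["user_registered"] = datetime.strptime(
            row["user_registered"], "%Y-%m-%d %H:%M:%S")
        rows.append(row)
    return rows


def find_suspect_admins(rows, known_admins=KNOWN_ADMINS, cutoff=CUTOFF):
    """Return (login, reasons) for each admin that is unknown or recent."""
    suspects = []
    for row in rows:
        reasons = []
        if row["user_login"] not in known_admins:
            reasons.append("not in baseline")
        if row["user_registered"] >= cutoff:
            reasons.append("registered after cutoff")
        if reasons:
            suspects.append((row["user_login"], reasons))
    return suspects


if __name__ == "__main__":
    for login, reasons in find_suspect_admins(parse_admin_csv(SAMPLE_CSV)):
        print(f"REVIEW {login}: {', '.join(reasons)}")
```

Any account the script flags should be verified with the site owner before it is removed; a legitimate administrator added after the cutoff will also appear in the list.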
Do you have a real-time inventory of every plugin currently active on your public web servers?
#Cybersecurity #WebSecurity #AppSec #WordPress #SOC #CodeDefence
