Code Defence Cyber security

Attackers are mass-creating admin accounts on thousands of sites tonight. 🐚

Critical Vulnerability · Active Exploitation in User Registration & Membership for WordPress.

We are seeing a massive wave of automated botnet activity targeting WordPress sites. A critical flaw in the User Registration & Membership plugin allows unauthenticated attackers to create new administrator accounts, granting them full control over the target site.

Over 60,000 sites are currently at risk, with exploitation activity spiking in the last 24 hours. Attackers are using this access to inject malicious scripts, redirect corporate traffic, and exfiltrate user databases. This is a low-barrier, high-impact exploit being used for mass web compromise.

The uncomfortable truth: A single unpatched plugin can turn your public web presence into a tool for state-sponsored malware distribution.

→ Update the User Registration & Membership plugin to version 3.2.1 or higher immediately.

→ Audit your WordPress user list for any unauthorized accounts with Administrator roles.

→ Implement a Web Application Firewall (WAF) to block unauthorized registration requests at the edge.
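One way to run the administrator audit described above, as an added example that is not part of the original post: it reads a WP-CLI CSV export of administrator accounts and flags any that are not on an approved list, were registered inside an exposure window, or carry a date that cannot be parsed. The sample rows, the allowlist and the window start date are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample, in the column layout of:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=csv
SAMPLE_CSV = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2021-03-14 09:12:44
7,webteam,webteam@example.com,2023-08-02 16:40:05
58,wp_support_x1,x1@mailbox.invalid,2025-01-10 02:17:31
59,siteowner2,owner2@example.com,2025-01-10 02:17:33
60,legacy,legacy@example.com,0000-00-00 00:00:00
"""

def audit_admins(csv_text, approved_logins, window_start):
    """Return (ID, login, reasons) for every administrator row needing review."""
    approved = {name.lower() for name in approved_logins}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        reasons = []
        if login.lower() not in approved:
            reasons.append("not on approved list")
        try:
            registered = datetime.strptime(row["user_registered"].strip(),
                                           "%Y-%m-%d %H:%M:%S")
            if registered >= window_start:
                reasons.append("registered inside exposure window")
        except ValueError:
            # Zero or malformed dates cannot be placed on a timeline: review by hand.
            reasons.append("unparsable registration date")
        if reasons:
            findings.append((int(row["ID"]), login, reasons))
    return findings

if __name__ == "__main__":
    # Hypothetical allowlist and window start; set both from your own records.
    approved = {"siteowner", "webteam", "legacy"}
    for uid, login, reasons in audit_admins(SAMPLE_CSV, approved, datetime(2025, 1, 1)):
        print(f"REVIEW id={uid} login={login}: {', '.join(reasons)}")
```

An approved login that still shows up with a recent registration date deserves the same scrutiny as an unknown one, which is why the two checks are reported independently.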

Do you have a real-time inventory of every third-party plugin running on your corporate web servers? 👇

#Cybersecurity #WebSecurity #AppSec #WordPress #SOC #CodeDefence
