WordPress Plugin Flaw Enables Admin Account Takeovers
Hackers exploited a critical vulnerability in the User Registration & Membership plugin on March 5th. The flaw affects over 60,000 WordPress installations worldwide.
The bug allows attackers to bypass authentication controls and create administrator accounts without authorization. Security researchers confirmed active exploitation attempts targeting vulnerable sites.
According to The Hacker News, the vulnerability stems from improper input validation in the plugin's user registration process.
60,000+ WordPress Sites at Risk
WordPress sites running the User Registration & Membership plugin face immediate risk. The plugin maintains over 60,000 active installations across various industries.
Attackers can exploit the flaw remotely without user interaction. No special privileges are required to execute the attack, making it particularly dangerous for unpatched sites.
Small businesses and personal websites represent the majority of affected installations, though enterprise WordPress deployments also use the plugin.
Plugin Update Addresses Security Gap
The plugin developers released a security update addressing the authentication bypass flaw. Site administrators must update to the latest version immediately.
WordPress site owners can check their plugin version through the admin dashboard. The vulnerable versions allow unauthorized admin account creation through manipulated registration requests.
Security teams recommend reviewing user accounts created recently and implementing additional access controls while updating affected systems.
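As an added illustration of that review step (example code, not from the article or the plugin itself), the check below flags administrator accounts whose registration date falls on or after a chosen cutoff, working from the layout of WordPress core's wp_users and wp_usermeta tables; the rows are constructed sample data and the 2025 year is a placeholder, since the article names only the day.

```python
"""Flag recently created administrator accounts in exported WordPress user data.

Added example: the rows below are constructed sample data, not taken from any
real site. They mirror WordPress core's wp_users (user_registered) and
wp_usermeta (meta_key wp_capabilities, a PHP-serialized array such as
a:1:{s:13:"administrator";b:1;}) with the default "wp_" table prefix.
"""
import re
from datetime import datetime

# Matches each role that is switched on inside a serialized wp_capabilities value.
ENABLED_ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')

def parse_capabilities(serialized: str) -> set:
    """Return the set of role names enabled in a wp_capabilities meta value."""
    return set(ENABLED_ROLE_RE.findall(serialized))

def find_recent_admins(users, usermeta, since: str) -> list:
    """Return logins of administrators registered on or after `since` (YYYY-MM-DD).

    Accounts whose user_registered value cannot be parsed (for example the MySQL
    zero date the column defaults to) are also returned: their age is unverifiable.
    """
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    roles_by_user = {
        row["user_id"]: parse_capabilities(row["meta_value"])
        for row in usermeta
        if row["meta_key"] == "wp_capabilities"
    }
    flagged = []
    for user in users:
        if "administrator" not in roles_by_user.get(user["ID"], set()):
            continue
        try:
            registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            flagged.append(user["user_login"])  # unverifiable age: review it
            continue
        if registered >= cutoff:
            flagged.append(user["user_login"])
    return sorted(flagged)

# Constructed sample rows; the year is a placeholder for the article's "March 5th".
SAMPLE_USERS = [
    {"ID": 1, "user_login": "siteowner", "user_registered": "2023-06-14 09:12:00"},
    {"ID": 2, "user_login": "editor_jane", "user_registered": "2024-01-20 10:00:00"},
    {"ID": 7, "user_login": "wpadmin2", "user_registered": "2025-03-05 03:41:17"},
    {"ID": 8, "user_login": "reader88", "user_registered": "2025-03-06 11:02:45"},
    {"ID": 9, "user_login": "svc_import", "user_registered": "0000-00-00 00:00:00"},
]
SAMPLE_USERMETA = [
    {"user_id": 1, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_id": 2, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:6:"editor";b:1;}'},
    {"user_id": 7, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_id": 7, "meta_key": "nickname", "meta_value": "wpadmin2"},
    {"user_id": 8, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:10:"subscriber";b:1;}'},
    {"user_id": 9, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
]

if __name__ == "__main__":
    print(find_recent_admins(SAMPLE_USERS, SAMPLE_USERMETA, "2025-03-01"))  # -> ['svc_import', 'wpadmin2']
```

On a live site the same rows can be pulled with `wp db query` or `wp user list --format=json`; any account the check flags that nobody on the team created should be treated as a compromise indicator, not just removed.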