ONE Sentinel

WordPress membership plugin bug exploited to create admin accounts

Source: Bleeping Computer
March 5, 2026

EXECUTIVE SUMMARY

Critical Exploit in WordPress Plugin Allows Unauthorized Admin Account Creation

Summary

Hackers are actively exploiting a critical vulnerability in the User Registration & Membership plugin for WordPress. The plugin is installed on over 60,000 WordPress sites, which makes the active exploitation a significant security threat.

Key Points

  • The vulnerability is classified as critical due to active exploitation.
  • The affected plugin is the User Registration & Membership plugin for WordPress.
  • Over 60,000 WordPress sites have this plugin installed, increasing the scope of potential impact.
  • The exploit allows attackers to create unauthorized admin accounts on compromised sites.

Analysis

The exploitation of this vulnerability highlights the importance of keeping plugins up to date and monitoring WordPress sites for unusual activity. Given the widespread use of the User Registration & Membership plugin, the potential for unauthorized access to and control over affected sites is significant, making this a critical issue for site administrators.

Conclusion

IT professionals managing WordPress sites should immediately check for the presence of the User Registration & Membership plugin and apply any available updates or patches. Monitoring for unusual admin account creation is also recommended to mitigate potential unauthorized access.
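
One way to carry out the admin-account check recommended above, as an added example that is not part of the original article: the script audits the JSON produced by WP-CLI's `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=json`. The allowlist, the baseline date and the sample records are constructed assumptions to be replaced with the site's own values.

```python
import json
from datetime import datetime, timezone

# Constructed sample of the WP-CLI JSON export (not real site data).
SAMPLE_EXPORT = """[
 {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.test",
  "user_registered": "2023-04-11 09:12:44"},
 {"ID": 7, "user_login": "editor_ops", "user_email": "ops@example.test",
  "user_registered": "2024-10-02 14:03:10"},
 {"ID": 58, "user_login": "wp_support1", "user_email": "x@mail.example",
  "user_registered": "2026-03-03 02:17:55"}
]"""

# Assumptions: administrators the site owner has approved, and the date of
# the last review at which the administrator list was known to be good.
KNOWN_ADMINS = {"siteowner", "editor_ops"}
BASELINE = datetime(2026, 1, 1, tzinfo=timezone.utc)


def parse_registered(value):
    """WordPress stores user_registered as UTC 'YYYY-MM-DD HH:MM:SS'."""
    parsed = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)


def audit_admins(export_json, known_admins, baseline):
    """Return administrator accounts that need manual review, with reasons."""
    findings = []
    for row in json.loads(export_json):
        login = row["user_login"]
        reasons = []
        if login not in known_admins:
            reasons.append("not in allowlist")
        try:
            if parse_registered(row["user_registered"]) >= baseline:
                reasons.append("registered after baseline")
        except (KeyError, ValueError):
            # A missing or zeroed date ('0000-00-00 00:00:00') is itself suspicious.
            reasons.append("unparseable registration date")
        if reasons:
            findings.append(
                {"ID": int(row["ID"]), "user_login": login, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for finding in audit_admins(SAMPLE_EXPORT, KNOWN_ADMINS, BASELINE):
        print(finding)
```

Run on a schedule and alert on any non-empty result; an account flagged for both reasons deserves review first.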