CP
cyberpings
VulnerabilitiesHIGH

Critical WordPress Bug Creates Admin Accounts for Hackers

BCBleepingComputer18h ago2 min read
WordPressUser Registration & Membershipplugin vulnerabilityadmin accountscybersecurity
🎯

Basically, hackers found a way to take control of WordPress sites using a plugin flaw.

Quick Summary

A critical flaw in a popular WordPress plugin is being exploited by hackers to create unauthorized admin accounts. Over 60,000 sites are affected, putting sensitive data at risk. Site owners must act quickly to secure their platforms and protect user information.

What Happened

A serious vulnerability? has been discovered in the User Registration & Membership plugin? for WordPress?, affecting over 60,000 sites. This flaw allows hackers to create unauthorized admin accounts?, giving them full control over these websites. Imagine someone sneaking into your home and taking over — that’s what’s happening online.

The plugin? is widely used for managing user registrations and memberships. When exploit?ed, it opens the door for attackers to manipulate site settings, access sensitive data, and even spread malware. This isn’t just a minor issue; it’s a major risk for anyone using this plugin?.

Why Should You Care

If you run a WordPress? site, this vulnerability? could put your business and users at risk. Your personal data, customer information, and even your reputation could be at stake. Think of it like leaving your front door unlocked — you wouldn’t do that, right?

Even if you're not a site owner, this affects you. If hackers gain access to a website you use, they could steal your information or even use it for phishing attacks. Protecting your online presence is more important than ever.

What's Being Done

The developers of the User Registration & Membership plugin? are aware of the situation and are working on a patch to fix the vulnerability?. Here’s what you should do right now:

  • Update the plugin? to the latest version as soon as it’s available.
  • Regularly check your site for any unauthorized changes or new admin accounts?.
  • Consider implementing additional security measures, like two-factor authentication. Experts are closely monitoring this situation, as they expect more attacks targeting vulnerable sites in the coming days.

💡 Tap dotted terms for explanations

🔒 Pro insight: The exploitation of this plugin mirrors past trends, indicating a surge in targeted attacks on WordPress vulnerabilities.

Original article from

BleepingComputer · Bill Toulas

Read Full Article

Share

Related Pings

HIGHVulnerabilities

Critical Cisco Bug Exploited by Hackers for Years!

Hackers have been exploiting a critical bug in Cisco devices for years. Major organizations are at risk of data breaches. Cisco is urging users to patch their systems immediately to prevent attacks.

TechCrunch Security·Just now·2m
HIGHVulnerabilities

AI Tools Revolutionize Vulnerability Discovery in Cybersecurity

Three new AI tools are changing how we find security flaws. Security vendors are also discussing supply chain attacks and logging secrets. Staying informed can help protect your data from potential breaches.

tl;dr sec·Just now·3m
HIGHVulnerabilities

Critical XXE Vulnerabilities Found in Electronic Invoice Tools

Recent tests revealed critical XXE vulnerabilities in electronic invoicing tools. Businesses using these platforms could face serious security risks. It's vital to update your software and monitor for unusual activity.

Full Disclosure·Just now·2m
HIGHVulnerabilities

Android Devices Face Exploited Vulnerabilities – Update Now!

Android has issued a security advisory for vulnerabilities being actively exploited. Users must update their devices immediately to protect their data. Don’t risk your personal information—act now!

Canadian Cyber Centre Alerts·Just now·2m
HIGHVulnerabilities

VMware Issues Urgent Security Advisories for Tanzu Products

VMware has issued urgent security advisories for several Tanzu products due to vulnerabilities. Users of Tanzu Greenplum and RabbitMQ are at risk. It's essential to update your software immediately to protect your data. Don't wait for a breach to happen!

Canadian Cyber Centre Alerts·Just now·2m
CRITICALVulnerabilities

Redis Vulnerability CVE-2025-49844 Hits Critical 10.0 Rating

A critical flaw in Redis has been rated CVSS 10.0, exposing users to potential control by hackers. If you rely on Redis, your systems could be at risk. Immediate updates and security reviews are essential to safeguard your data.

Scott Helme·Just now·2m