Security Release: v1.3.76

bug

Recently, we were contacted by a security expert and researcher, James Golovich, regarding a significant security issue that allowed unauthenticated users to reset users password which could allow an external attacker to take over an Administrator account.

We didn’t want to go public with the vulnerability until our users had had time to update to a version 1.3.76. We’d like to say a big thank you to James for the responsible disclosure; he gave us time to fix the issue and for our users to update to 1.3.76 before announcing the vulnerability via his website. You can read James’ post about the vulnerability here.

Github commits to fix the security issue:

If you have not done so already, we would urge you to update to version the latest version of Ultimate member.

Calum Allison

Founder of Ultimate Member - a free online community & user profile plugin for WordPress.

1 Comment

  1. […] seen an announcement from the Ultimate Member developer. On December 8th, the developer published a blog post and a twitter post regarding the […]

Leave a Comment

You must be logged in to post a comment.

Ready to get started?

Grab the extensions bundle today for only $199

Error: Please enter a valid email address

Error: Invalid email

Error: Please enter your first name

Error: Please enter your last name

Error: Please enter a username

Error: Please enter a password

Error: Please confirm your password

Error: Password and password confirmation do not match