Support » Plugin: Ultimate Member - User Profile & Membership Plugin » !DANGER! Security issue

  • Resolved jave.web

    (@javeweb)



    I got now 2 websites with PHP malware,
    plugins that are on both are: Ultimate member, ACF, WPML and WP Migrate DB,
    however the latter 3 are on other sites that work fine.

    Also same behaviour is that

    /wp-content/uploads/ultimatemember/temp

    this folder contains suspicious folders and PHP files in them, attacks are often more site-spread, so only suspect remains this plugin.

    Can you please look into this issue?
    Doesn’t your file upload have a security hole somewhere?

    //USING LATEST ULTIMATE MEMBER, LATEST WP//

    Also your check_file_upload() method checks extension, not a real file type! Which is an issue itself…

    • This topic was modified 2 months, 1 week ago by  jave.web.
Viewing 10 replies - 1 through 10 (of 10 total)
Viewing 10 replies - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.