Title: Ultimate Member Hack
Last modified: November 14, 2020

---

# Ultimate Member Hack

 *  Resolved [rosstes](https://wordpress.org/support/users/rosstes/)
 * (@rosstes)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/ultimate-member-hack/)
 * Hi
 * This morning a new member registered and somehow managed to assign wp_capabilities
   of “administrator”. Pretty serious stuff, eh? Found this article from just 3 days
   ago which echoes my concern
 * [https://securityaffairs.co/wordpress/110717/hacking/wordpress-ultimate-member-flaws.html](https://securityaffairs.co/wordpress/110717/hacking/wordpress-ultimate-member-flaws.html)
 * Pretty sure this is what happened to one of my sites
 * I am using your plugin on at least 4 sites
 * Has this issue been looked into yet?
 * Ross

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [Diabolo](https://wordpress.org/support/users/cebuss/)
 * (@cebuss)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/ultimate-member-hack/#post-13661767)
 * The last update addressed that issue I believe.
 * **Edit**: Here is a better article explaining the actions taken and confirming
   the vulnerability has been addressed [https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/](https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/).
 *  Thread Starter [rosstes](https://wordpress.org/support/users/rosstes/)
 * (@rosstes)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/ultimate-member-hack/#post-13662186)
 * Thank you Diabolo
 * I have updated the plugin on all 4 sites
 * Ross
 *  Plugin Contributor [Champ Camba](https://wordpress.org/support/users/champsupertramp/)
 * (@champsupertramp)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/ultimate-member-hack/#post-13667367)
 * Hi [@rosstes](https://wordpress.org/support/users/rosstes/)
 * Please let us know if you’re still encountering the issue after the update.
 * Feel free to re-open this thread if there’s any question that may come up. Just
   change the topic status to “Not Resolved” so we can get back to you.
 * Regards,
 *  [diggital2016](https://wordpress.org/support/users/diggital2016/)
 * (@diggital2016)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/ultimate-member-hack/#post-13681760)
 * Hi [@champsupertramp](https://wordpress.org/support/users/champsupertramp/),
 * we had the same issue, deleted the Admin user and updated to UM 2.1.12. After
   the update the same user created a new account and changed his role to Editor!
 * What is your suggestion to fix this? We’ll back up the whole site now and update
   again to the latest version and hope that everything is ok then?
 * Best regards
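
An added example, not part of the original thread or the plugin's code: a post-update check that reads exported `(user_login, user_registered, wp_capabilities)` rows and flags administrator or editor accounts that are not on a known-staff list or that registered recently. The sample rows, account names, and the `known_staff` and `since` parameters are constructed for illustration, and the meta key is `wp_capabilities` only when the site uses the default `wp_` table prefix.

```python
import re
from datetime import datetime

# Roles that a self-registered member account should never hold.
PRIVILEGED = {"administrator", "editor"}

# One role entry inside a PHP-serialized capabilities array,
# e.g. s:13:"administrator";b:1;
ROLE_RE = re.compile(r's:(\d+):"([^"]*)";b:([01]);')

def roles_from_meta(meta_value):
    """Return the set of roles switched on in a wp_capabilities value."""
    roles = set()
    for length, name, enabled in ROLE_RE.findall(meta_value):
        # Skip entries whose declared byte length does not match (malformed).
        if int(length) == len(name.encode("utf-8")) and enabled == "1":
            roles.add(name.lower())
    return roles

def suspicious_accounts(rows, known_staff, since):
    """Flag privileged accounts that are not on the staff allowlist
    or that registered on or after `since`."""
    findings = []
    for login, registered, meta_value in rows:
        elevated = roles_from_meta(meta_value) & PRIVILEGED
        if not elevated:
            continue
        when = datetime.strptime(registered, "%Y-%m-%d %H:%M:%S")
        if login not in known_staff or when >= since:
            findings.append((login, sorted(elevated), registered))
    return findings

# Constructed sample rows: (user_login, user_registered, wp_capabilities).
SAMPLE_ROWS = [
    ("siteowner", "2018-03-02 09:15:00", 'a:1:{s:13:"administrator";b:1;}'),
    ("alice", "2020-10-01 12:00:00", 'a:1:{s:10:"subscriber";b:1;}'),
    ("newmember1", "2020-11-12 06:41:10", 'a:1:{s:13:"administrator";b:1;}'),
    ("newmember2", "2020-11-20 07:02:33", 'a:1:{s:6:"editor";b:1;}'),
]

if __name__ == "__main__":
    staff = {"siteowner"}  # assumption: the accounts you granted roles to
    for hit in suspicious_accounts(SAMPLE_ROWS, staff, datetime(2020, 11, 1)):
        print(hit)
```

Any account it reports should be reviewed by hand before deletion, since a flagged login may also own posts or other content.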


## Tags

 * [administrator](https://wordpress.org/support/topic-tag/administrator/)
 * [Compromised](https://wordpress.org/support/topic-tag/compromised/)
