
The Wordfence security team has discovered a serious vulnerability in the Ultimate Member plugin for WordPress that could affect 100,000 sites, allowing unauthenticated users to perform XSS attacks.
The vulnerability, tracked as CVE-2024-2123, is a stored cross-site scripting (XSS) flaw that lets attackers inject malicious scripts into sites running the plugin. It stems from insufficient input sanitization and output escaping in the member directory listing functionality. Because the injected script is saved on the site, it executes in the browser of any user who views the affected directory page. The developers patched the vulnerability in plugin version 2.8.4.
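To illustrate the defect class described above, here is an added example (not Ultimate Member's code, and not the actual vulnerable code path) that renders a member directory entry from user-controlled profile fields, first without and then with the WordPress sanitization and escaping API; the `render_entry_*` and `store_profile` helpers, the sample profile and the minimal stand-ins for `esc_html`, `esc_attr` and `sanitize_text_field` are assumptions so the script runs outside WordPress.

```php
<?php
// Added illustration only: a hypothetical directory listing, not the
// plugin's own code. Shows the defective pattern beside the hardened one.

// Simplified stand-ins for the WordPress escaping API so this runs
// stand-alone; inside WordPress the real functions are used instead.
if (!function_exists('esc_html')) {
    function esc_html(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field(string $text): string {
        // Strip tags and control characters on the way in (simplified).
        return trim(preg_replace('/[\x00-\x1F\x7F]/u', '', strip_tags($text)));
    }
}

// Constructed sample profile, as a member might have saved it.
$member = [
    'display_name' => 'Alice <script>/* constructed sample */</script>',
    'bio'          => 'Say "hi" & welcome',
];

// Defective: profile data is echoed straight into markup, so a stored
// script tag is delivered to every visitor who views the directory.
function render_entry_unsafe(array $m): string {
    return '<li title="' . $m['bio'] . '">' . $m['display_name'] . '</li>';
}

// Hardened: sanitise on input, then escape on output for the exact
// HTML context (text node vs. attribute value) at render time.
function store_profile(array $raw): array {
    return array_map('sanitize_text_field', $raw);
}
function render_entry_safe(array $m): string {
    return '<li title="' . esc_attr($m['bio']) . '">'
         . esc_html($m['display_name']) . '</li>';
}

echo render_entry_unsafe($member), PHP_EOL;              // tag reaches the browser
echo render_entry_safe(store_profile($member)), PHP_EOL;  // rendered as inert text
```

Escaping at output time is the control that holds even when stored data was saved before sanitization was added, which is why the fix needs both halves.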
Ultimate Member is a popular WordPress user profile plugin with over 200,000 active installs. It allows users to register, log in to the site and manage their profiles. However, the discovered vulnerability poses a significant risk to the security of these sites.
Owners of WordPress sites using the Ultimate Member plugin are strongly advised to update the plugin to the latest version immediately to close the identified vulnerability. This will protect their sites from potential intrusions and keep user data safe.