The plugin User Role Editor has been reported to provide a backdoor way for your users to gain controls that you may not want them to have.

This popular plugin, which has more than 300,000 active installations has a serious vulnerability.

The vulnerability allows any registered user to gain administrator access. For sites that have open registration, this is a serious security hole.

As we mentioned in our post about Internet Security last month, it is important to keep your plugins current. Be sure to update your plugins immediately, and if you do have User Role Editor on your site be sure to upgrade to the latest version (currently that is 4.25.)