Over 300,000 Users May Have: Read Latest Website Security Update and Make Sure You are Locked Down
The User Role Editor plugin has been reported to give your users a backdoor way to gain privileges that you may not want them to have.
This popular plugin, which has more than 300,000 active installations, has a serious vulnerability.
The vulnerability allows any registered user to gain administrator access. For sites that have open registration, this is a serious security hole.
As we mentioned in our post about Internet Security last month, it is important to keep your plugins current. Be sure to update your plugins immediately, and if you do have User Role Editor on your site, be sure to upgrade to the latest version (currently 4.25).
Read more of the technical bits in the Wordfence blog post.
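
One way to check a site against the advice above with WP-CLI. This is an added example, not part of the original post or the Wordfence write-up. It assumes WP-CLI is installed, that the plugin's directory slug is `user-role-editor`, and that versions below 4.25 are affected (taken from the upgrade advice above).

```shell
#!/bin/sh
# Added example: triage a WordPress site for the User Role Editor issue.
FIXED_VERSION="4.25"   # assumption: taken from the post's upgrade advice

# version_lt A B: succeeds when dotted version A is lower than B.
# Compares field by field, so 4.9 < 4.25 (a plain decimal compare gets this wrong).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    max = (n > m) ? n : m
    for (i = 1; i <= max; i++) {
      p = (i <= n) ? x[i] + 0 : 0
      q = (i <= m) ? y[i] + 0 : 0
      if (p < q) exit 0
      if (p > q) exit 1
    }
    exit 1
  }'
}

# assess <installed_version> <users_can_register: 0|1>
# Prints: ok | update | critical (outdated AND open registration).
assess() {
  if ! version_lt "$1" "$FIXED_VERSION"; then
    echo "ok"
  elif [ "$2" = "1" ]; then
    echo "critical"
  else
    echo "update"
  fi
}

# live_audit: run inside the WordPress directory of the site being checked.
live_audit() {
  ver=$(wp plugin get user-role-editor --field=version 2>/dev/null) || {
    echo "User Role Editor is not installed"; return 0; }
  reg=$(wp option get users_can_register)
  echo "User Role Editor $ver, open registration=$reg: $(assess "$ver" "$reg")"
  # Review this list for administrator accounts you did not create.
  wp user list --role=administrator --fields=ID,user_login,user_registered
  echo "To upgrade: wp plugin update user-role-editor"
}

# Only touch a real site when asked to: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
  live_audit
fi
```

A result of `critical` means the site is both outdated and accepting new registrations, so update first and then review the administrator list.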