A critical vulnerability in the User Registration & Membership plugin, installed on over 60,000 WordPress sites, is being exploited by hackers to create admin accounts. This bug allows attackers to gain elevated privileges, potentially leading to full site compromise. The affected plugin is a popular choice for managing user registrations and memberships, making it an attractive target for malicious actors. As a result, numerous WordPress sites are now vulnerable to exploitation, with hackers leveraging the flaw to create admin accounts and gain unauthorized access1. The widespread nature of this vulnerability, combined with the potential for severe consequences, makes it a significant concern for site administrators. So what matters most to practitioners is that they must immediately assess their plugin versions and update to a patched release to prevent potential site compromise.