Easily Exploitable Critical Vulnerabilities Patched in ProfilePress Plugin

Several vulnerabilities were discovered in ProfilePress, formerly WP User Avatar, a WordPress plugin installed on over 400,000 sites. These flaws made it possible for an attacker to upload arbitrary files to a vulnerable site and register as an administrator on sites even if user registration was disabled, all without requiring any prior authentication.

These are critical and easily exploitable security issues that have been patched, therefore, we highly recommend updating to the latest patched version available, 3.1.8, immediately if you are running a vulnerable version of this plugin (3.1 – 3.1.3).