What are your main services at Sevenstar Websolutions?

We are an IT company and provide almost every service which comes under the IT platform. Be it web development, app development, SEO, , ORM, blockchain development, video marketing, content marketing and even much more. To get complete information, visit our website.

How much experience you have?

We are in the market from more than a decade and worked for both the national and international clients.

How many projects you have delivered till date?

Since our inception, we have delivered more than 2500 projects in the market and that too with 100% satisfaction.

Do you provide app development services?

Yes, we provide both the android and iOS app development services.

Do you also provide SEO services?

Yes, we provide SEO services and we have different packages for it.

What are your web development frameworks?

We work on the three frameworks which are Laravel, CakePHP and CodeIgniter.

Have you ever designed an e-commerce website?

Yes, we have designed an e-commerce website and done SEO for it as well.

WordPress member Plug-in vulnerability

An announcement was made today that, a WordPress community development plug-in known as Ultimate Member plug-in which was being affected by “critical and severe vulnerabilities”, was patched. This vulnerability is easy to utilize and serve the administrator-level access to attackers, meaning they can do whatever they want to the site.

The tree vulnerabilities of plug-in and their Dread score –

Arbitrary file read and delete: 8.4
Admin dashboard XSS: 7.4
User Profile XSS: 6.8

According to Wordfence, “This vulnerability is considered very serious as it allows originally apocryphal users to easily enhance their rights to those of an administrator. Once an attacker got the administrative access to any WordPress website, they can effectively take over the complete website and can perform whatever they want, from taking the site offline to further effect the website with any malicious software.”

Ultimate Member WordPress Plug-in

The Ultimate Member WordPress plug-in is a form of user profile & membership plug-in for WordPress. It allows a WordPress developer to allow readers or visitors to become members to receive access for various levels as well as to interact with each other socially. It’s can also be used to hinder access to the content to registered authorized users only and to allow various levels of membership advantages, like publishing to the site.

Feature of the plug-in

It serves the possibility of customization.
It allows you to optimize to provide a better user experience.

Ultimate Member Vulnerability

There are three naive vectors in the plug-in and all three are rights increasing exploits. A privilege escalation exploit is caused when an invader increases their rights as a user. With an Unauthenticated Privilege Escalation exploit, a person need not even to be a registered user of the site. These exploits affect the Ultimate Member plug-in involving two apocryphal exploits and one validated exploit. The Authenticated Privilege Escalation advantage allows a registered user to escalate their privileges.

The Unauthenticated Privilege Escalation exploits permit an aggressor to utilize the registration form as an attacking vector. It is suggested that users update promptly to Ultimate Member WordPress plug-in version 2.1.12. that version contains the fix that fixes the susceptibility.

Tags: Plug-ins, WordPress

November 10, 2020