Hello, we bought ARMember on one of our website to allow subscribed users to access some private pages. We got a problem recently with privilege escalation, the vulnerability was notified by Ithemes Security but we also had some not legit accounts created and activated automatically. In our case, only the administrator of the website must activate the members created with ARMember.
We updated the plugin, and did some security checks and modifications on our side but we still have the problem,
Do you have any solutions? I just disabled XML-RPC with Ithemes Security, hoping it will fix the issue… but I don’t think so
