Security Vulnerability

Versions of Ultimate Member other than 2.0.23+ and 1.3.89 contain a security vulnerability, allowing attackers to upload malicious php files. You should update your site to the latest version immediately if you have not already. You should also update the social activity extension to latest version if you are using this extension.

We have closed the security vulnerability in 2.0.23+ (and 1.3.89 for users who have not updated to 2.0 yet. You may use WP Rollback plugin for upgrading to 1.3.89) but the consequences of the infection can remain on your site.

After the update, please clear the temporary files folder. It will be cleared after 2.0.25 upgrade automatically. You can also do it manually using this doc

https://www.screencast.com/t/9DETRfAEMfGM or via FTP “wp-content/uploads/ultimatemember/temp” folder

You should do a scan of your installation WP for malicious files. The best way to do it is to use WordFence or Sucuri plugin. You can also contact your hosting provider and find out what files have been recently added or modified.

At the moment, there are several possible ways of infection:

1) Description is there https://secure.helpscout.net/docs/561c9af29033600a7a36d66d/article/5b7692f90428631d7a8a1643/
2) The hack created new files like: ~/public/wp-super_cache.php Infected the entire WM temp directory, pretty much every index.php, etc.
3) There were some changes in WP default jQuery library “wp-includes/js/jquery/jquery.js” on some installs after infected
4) Please check your wp-config.php file, there can be some infected strings

You may also reload local copies of your files (WP core, plugins, themes) on the site.

Further reading from Securi team: https://www.inmotionhosting.com/blog/attention-wordpress-ultimate-member-plugin-users-new-security-information/