On Monday, Wordfence shared that a plugin called Ultimate Member, which is installed on more than 100,000 sites, has several critical security flaws that allow attackers to take over a site.