CVE-2023-3460
Description
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
Severity: CRITICAL
CVE ID: CVE-2023-3460
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2023-3460
Reference: Project Discovery GitHub
gbrsh
Exploit for CVE-2023-3460. Unauthorized admin access for Ultimate Member plugin < v2.6.7
Reference: GitHub
rizqimaulanaa
Reference: GitHub
yon3zu
Mass CVE-2023-3460.
Reference: GitHub
EmadYaY
CVE-2023-3460
Reference: GitHub
diego-tella
Exploit and scanner for CVE-2023-3460
Reference: GitHub
Rajneeshkarya
Exploit for the vulnerability of Ultimate Member Plugin.
Reference: GitHub
BlackReaperSK
GitHub repository for CVE-2023-3460 POC
Reference: GitHub
julienbrs
Reference: GitHub
Content on GitHub
ollie-blue | watchers:0
CVE_2023_3460
Exploit wp capabilities and WordPress Ultimate Member plugin to create administrator account
Reference: GitHub