CVE-2023-3460

Description

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-3460
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-3460
gbrsh

Exploit for CVE-2023-3460. Unauthorized admin access for Ultimate Member plugin < v2.6.7

Reference: GitHub

rizqimaulanaa

Reference: GitHub

yon3zu

Mass CVE-2023-3460.

Reference: GitHub

EmadYaY

CVE-2023-3460

Reference: GitHub

diego-tella

Exploit and scanner for CVE-2023-3460

Reference: GitHub

Rajneeshkarya

Exploit for the vulnerability of Ultimate Member Plugin.

Reference: GitHub

BlackReaperSK

GitHub repository for CVE-2023-3460 POC

Reference: GitHub

julienbrs

Reference: GitHub

Content on GitHub

ollie-blue | watchers:0

CVE_2023_3460
Exploit wp capabilities and WordPress ultimate member plugin to create administrator account

Reference: GitHub