CVE-2023-3460

nvd nist nuclei

Published: Jul 4, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.

Affected (1)

Products: Ultimatemember: Ultimate Member

1 product

Ultimate Member

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ultimatemember Ultimate Member	Before 2.6.7

References (4)

https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Source: contact@wpscan.com

Third Party Advisory

https://wpscan.com/vulnerability/694235c7-4469-4ffd-a722-9225b19e98d7

Source: contact@wpscan.com

ExploitPatch

https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://wpscan.com/vulnerability/694235c7-4469-4ffd-a722-9225b19e98d7

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

Timeline

No history available yet.