Vulnerability CVE-2023-3460


Published: 2023-07-04

Description:
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.

See advisories in our WLB2 database:
Topic: WordPress Ultimate Member 2.6.6 Privilege Escalation (Med.)
Author: Marc-Alexandre M...
Date: 30.06.2023

Type: CWE-269 (Improper Privilege Management)

References:
https://wpscan.com/vulnerability/694235c7-4469-4ffd-a722-9225b19e98d7
https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Copyright 2024, cxsecurity.com