CVE-2023-3460

Published: 04/07/2023 Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The Ultimate Member WordPress plugin prior to 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing malicious users to create administrator accounts at will. This is actively being exploited in the wild.

Vulnerable Product

ultimatemember ultimate member

Vendor Advisories

Check Point Reference: CPAI-2023-1660 Date Published: 21 Apr 2024 Severity: Critical ...

Github Repositories

CVE-2023-3460: Exploit for CVE-2023-3460 - Unauthorized admin access for Ultimate Member plugin. PoC is now published. It was created for educational/research purposes only! Use it at your own risk! Thanks for ©gbrsh, I improved the tool a bit.

Mass CVE-2023-3460.

Mass-CVE-2023-3460: Mass CVE 2023 3460. Usage: mass-CVE-2023-3460.py list.txt. Credit: github.com/gbrsh/CVE-2023-3460

Exploit for CVE-2023-3460. Unauthorized admin access for Ultimate Member plugin < v2.6.7

CVE-2023-3460: Exploit for CVE-2023-3460 - Unauthorized admin access for Ultimate Member plugin. PoC is now published. It was created for educational/research purposes only! Use it at your own risk!

GitHub repository for CVE-2023-3460 POC

CVE-2023-3460: Exploit for CVE-2023-3460 - Unauthorized admin access for Ultimate Member plugin. Made with Golang.

Exploit and scanner for CVE-2023-3460

CVE-2023-3460: The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This script performs an exploit for this vulnerability and scans different targets, looking for this vulnerability. Install: git clone github.com/diego-tel

Exploit wp capabilities and WordPress Ultimate Member plugin to create administrator account

CVE_2023_3460: Exploit wp capabilities and WordPress Ultimate Member plugin to create administrator account. How WordPress treats metadata keys made it possible for attackers to trick the plugin into updating some it shouldn’t, like “wp_capabilities”, which is used to store a user’s role and capabilities. This project tested the possibility of exploiting wp

Guide to Building an Environment for Exploiting CVE Vulnerabilities on WordPress. This guide helps deploy an environment for successfully exploiting three CVE vulnerabilities, namely CVE-2023-2546, CVE-2023-3460 and CVE-2023-4596, which exist in the plugins WP User Switch 102, Ultim

title: Information Systems Security - CVE 2023-38408. Analysis and exploitation of CVE-2023-3460. CVE ID, CVSS Score, Discovered, Affected Plugin, Vulnerability Type: CVE-2023-3460, 07/04/2023, Ultimate Member, Unauthorized Admin Access. Contents: Introduction; General mechanism of the vulnerability; Mécanisme de ge
