The Ultimate Member WordPress plugin prior to 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing malicious users to create administrator accounts at will. This is actively being exploited in the wild.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ultimatemember ultimate member |