CVE-2023-3460

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 4, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-3460 is a critical vulnerability affecting the Ultimate Member plugin for WordPress. This issue allows visitors to create user accounts with arbitrary capabilities, bypassing the plugin's security restrictions. Attackers can exploit this vulnerability to generate administrator accounts at will, posing a significant risk to WordPress sites using the affected plugin version before 2.6.7. The exploitation of this vulnerability is currently observed in the wild, making it an urgent security concern.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Ultimatemember Ultimate Member

Affected Vendors

Ultimatemember

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r0o3t5
https://www.cve.org/CVERecord?id=CVE-2023-3460
https://nvd.nist.gov/vuln/detail/CVE-2023-3460

Back to Vulnerability Database