← volver
CVE-2023-3460

Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation

EPSS 69.6%
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
Productos afectados
Unknown · Ultimate Member
PoCs públicas encontradas11
githubgithub.com/gbrsh/CVE-2023-346035githubgithub.com/diego-tella/CVE-2023-34607githubgithub.com/Rajneeshkarya/CVE-2023-34601githubgithub.com/GURJOTEXPERT/CVE-2023-34601githubgithub.com/DiMarcoSK/CVE-2023-3460_POC0githubgithub.com/TranKuBao/CVE-2023-3460_FIX0githubgithub.com/rizqimaulanaa/CVE-2023-34600githubgithub.com/yon3zu/Mass-CVE-2023-34600githubgithub.com/EmadYaY/CVE-2023-34600exploitdbwww.exploit-db.com/exploits/52393no verificadocve_referencewpscan.com/vulnerability/694235c7-4469-4ffd-a722-9225b19e98d7no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/https://wpscan.com/vulnerability/694235c7-4469-4ffd-a722-9225b19e98d7