The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-07-04T07:23:28.852Z
Updated: 2024-08-02T06:55:03.501Z
Reserved: 2023-06-29T13:45:40.301Z
Link: CVE-2023-3460
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-07-04T08:15:10.573
Modified: 2023-11-07T04:18:46.730
Link: CVE-2023-3460
Redhat
No data.