Lucene search
K

16 matches found

Exploit DB
Exploit DB
added 2025/08/03 12:0 a.m.462 views

Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation

!/usr/bin/env python3 Exploit Title: Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation Exploit Author: Gurjot Singh CVE: CVE-2023-3460 Description : The attached PoC demonstrates how an unauthenticated attacker can escalate privileges to admin by abusing unsanitized input in...

9.8CVSS9.7AI score0.72306EPSS
Exploits12
GithubExploit
GithubExploit
added 2025/07/22 10:10 a.m.280 views

Exploit for CVE-2023-3460

🚨 CVE-2023-3460 - WordPress Ultimate Member Privilege Escalati...

9.8CVSS9.8AI score0.72306EPSS
Exploits12
GithubExploit
GithubExploit
added 2024/12/11 7:38 a.m.303 views

Exploit for CVE-2023-3460

CVE-20233460 Lab này dựng lên với mục địch họ...

9.8CVSS9.7AI score0.72306EPSS
Exploits12
GithubExploit
GithubExploit
added 2024/01/04 10:43 p.m.542 views

Exploit for CVE-2023-3460

--- title: "Sécurité des SI - CVE 2023-38408" --- Analyse et...

9.8CVSS10AI score0.72306EPSS
Exploits12
GithubExploit
GithubExploit
added 2023/07/27 3:19 p.m.379 views

Exploit for CVE-2023-3460

Ultimate Member - Overview Welcome to the Ultimate Member GitHu...

9.8CVSS9.7AI score0.72306EPSS
Exploits12
GithubExploit
GithubExploit
added 2023/07/07 12:40 p.m.459 views

Exploit for CVE-2023-3460

CVE-2023-3460 Exploit for CVE-2023-3460 - Unauthorized admin a...

9.8CVSS9.7AI score0.72306EPSS
Exploits12
GithubExploit
GithubExploit
added 2023/07/05 1:44 p.m.623 views

Exploit for CVE-2023-3460

CVE-2023-3460 Exploit for CVE-2023-3460 - Unauthorized adm...

9.8CVSS9.8AI score0.72306EPSS
Exploits12
OpenVAS
OpenVAS
added 2023/07/05 12:0 a.m.17 views

WordPress Ultimate Member Plugin < 2.6.7 Privilege Escalation Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ultimatemember:ultimatemember"; ifdescription...

9.8CVSS7.1AI score0.72306EPSS
Exploits12References1
Vulnrichment
Vulnrichment
added 2023/07/04 7:23 a.m.17 views

CVE-2023-3460 Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild...

6.9AI score0.72306EPSS
Exploits12References2
Cvelist
Cvelist
added 2023/07/04 7:23 a.m.31 views

CVE-2023-3460 Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild...

9.6AI score0.72306EPSS
Exploits12References2
CVE
CVE
added 2023/07/04 7:23 a.m.177 views

CVE-2023-3460

CVE-2023-3460 affects the WordPress plugin Ultimate Member prior to version 2.6.7. The vulnerability allows unauthenticated attackers to create user accounts with arbitrary capabilities, effectively enabling privilege escalation to Administrator via manipulation of wp_capabilities during registra...

9.8CVSS9.5AI score0.72306EPSS
Exploits12References2Affected Software1
HackRead
HackRead
added 2023/07/03 2:59 p.m.45 views

Zero-Day Exploit Threatens 200,000 WordPress Websites

By Habiba Rashid Tracked as CVE-2023-3460, the zero-day vulnerability possesses a CVSS score of 9.8, indicating its severity. This is a post from HackRead.com Read the original post: Zero-Day Exploit Threatens 200,000 WordPress Websites...

7AI score0.72306EPSS
Exploits12
Circl
Circl
added 2023/07/01 10:8 a.m.46 views

CVE-2023-3460

creationtimestamp| type| source ---|---|--- 2023-07-01 10:08:32+00:00| exploited| https://t.me/KomunitiSiber/434 2023-07-01 10:40:12+00:00| exploited| Telegram/Yszv2jyeE0CnNzq0woty3nqxD61AnKOo31Nn45cNOjLlGA 2023-07-01 15:26:35+00:00| seen| https://t.me/Securi3yTalent/104 2023-07-01 16:55:07+00:00...

9.8CVSS7.5AI score0.72306EPSS
Exploits12References20
The Hacker News
The Hacker News
added 2023/07/01 7:25 a.m.10 views

Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts

As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 CVSS score: 9.8, impacts all versions of the Ultimate Member plugin, including the latest version 2.6.6 tha...

9.8CVSS7AI score0.72306EPSS
Exploits12
Wordfence Blog
Wordfence Blog
added 2023/06/29 8:43 p.m.39 views

PSA: Unpatched Critical Privilege Escalation Vulnerability in Ultimate Member Plugin Being Actively Exploited

Today, on June 29, 2023, the Wordfence Threat Intelligence Team became aware of an unpatched privilege escalation vulnerability being actively exploited in Ultimate Member, a WordPress plugin installed on over 200,000 sites, through our vulnerability changelog monitoring we do to ensure the...

7.5CVSS7.4AI score0.72306EPSS
Exploits12
Patchstack
Patchstack
added 2023/06/29 12:0 a.m.16 views

WordPress Ultimate Member Plugin <= 2.6.6 is vulnerable to Privilege Escalation

Software Ultimate Member Type Plugin Vulnerable versions = 2.6.6 Fixed in 2.6.7 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-3460 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 1476fbdff3bc Credits Marc Montpas Required privile...

9.8CVSS6.6AI score0.72306EPSS
Exploits12References3Affected Software1
Rows per page
Query Builder