16 matches found
Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation
!/usr/bin/env python3 Exploit Title: Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation Exploit Author: Gurjot Singh CVE: CVE-2023-3460 Description : The attached PoC demonstrates how an unauthenticated attacker can escalate privileges to admin by abusing unsanitized input in...
Exploit for CVE-2023-3460
🚨 CVE-2023-3460 - WordPress Ultimate Member Privilege Escalati...
Exploit for CVE-2023-3460
CVE-20233460 Lab này dựng lên với mục địch họ...
Exploit for CVE-2023-3460
--- title: "Sécurité des SI - CVE 2023-38408" --- Analyse et...
Exploit for CVE-2023-3460
Ultimate Member - Overview Welcome to the Ultimate Member GitHu...
Exploit for CVE-2023-3460
CVE-2023-3460 Exploit for CVE-2023-3460 - Unauthorized admin a...
Exploit for CVE-2023-3460
CVE-2023-3460 Exploit for CVE-2023-3460 - Unauthorized adm...
WordPress Ultimate Member Plugin < 2.6.7 Privilege Escalation Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ultimatemember:ultimatemember"; ifdescription...
CVE-2023-3460 Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild...
CVE-2023-3460 Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild...
CVE-2023-3460
CVE-2023-3460 affects the WordPress plugin Ultimate Member prior to version 2.6.7. The vulnerability allows unauthenticated attackers to create user accounts with arbitrary capabilities, effectively enabling privilege escalation to Administrator via manipulation of wp_capabilities during registra...
Zero-Day Exploit Threatens 200,000 WordPress Websites
By Habiba Rashid Tracked as CVE-2023-3460, the zero-day vulnerability possesses a CVSS score of 9.8, indicating its severity. This is a post from HackRead.com Read the original post: Zero-Day Exploit Threatens 200,000 WordPress Websites...
CVE-2023-3460
creationtimestamp| type| source ---|---|--- 2023-07-01 10:08:32+00:00| exploited| https://t.me/KomunitiSiber/434 2023-07-01 10:40:12+00:00| exploited| Telegram/Yszv2jyeE0CnNzq0woty3nqxD61AnKOo31Nn45cNOjLlGA 2023-07-01 15:26:35+00:00| seen| https://t.me/Securi3yTalent/104 2023-07-01 16:55:07+00:00...
Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts
As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 CVSS score: 9.8, impacts all versions of the Ultimate Member plugin, including the latest version 2.6.6 tha...
PSA: Unpatched Critical Privilege Escalation Vulnerability in Ultimate Member Plugin Being Actively Exploited
Today, on June 29, 2023, the Wordfence Threat Intelligence Team became aware of an unpatched privilege escalation vulnerability being actively exploited in Ultimate Member, a WordPress plugin installed on over 200,000 sites, through our vulnerability changelog monitoring we do to ensure the...
WordPress Ultimate Member Plugin <= 2.6.6 is vulnerable to Privilege Escalation
Software Ultimate Member Type Plugin Vulnerable versions = 2.6.6 Fixed in 2.6.7 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-3460 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 1476fbdff3bc Credits Marc Montpas Required privile...