Headline

CVE-2023-3460

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.

1 year ago

CVE

Open in Source

#wordpress

By Habiba Rashid Tracked as CVE-2023-3460, the zero-day vulnerability possesses a CVSS score of 9.8, indicating its severity. This is a post from HackRead.com Read the original post: Zero-Day Exploit Threatens 200,000 WordPress Websites

1 year ago

HackRead

Open in Source

#vulnerability #web #wordpress #auth #zero_day

Unpatched WordPress Plugin Flaw Could Let Hackers Create Secret Admin on 200,000 Sites

As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version (2.6.6) that was released on June 29, 2023. Ultimate Member is a popular plugin that facilitates the

1 year ago

The Hacker News

Open in Source

#vulnerability #web #wordpress #auth #The Hacker News

WordPress Ultimate Member 2.6.6 Privilege Escalation

WordPress Ultimate Member plugin versions 2.6.6 and below suffer from a privilege escalation vulnerability.

1 year ago

Packet Storm

Open in Source

#vulnerability #web #wordpress #intel #auth