cve/2023/CVE-2023-3460.md

### [CVE-2023-3460](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3460)
![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Member&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)

### Description

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.

### POC

#### Reference
- https://wpscan.com/vulnerability/694235c7-4469-4ffd-a722-9225b19e98d7

#### Github
- https://github.com/BlackReaperSK/CVE-2023-3460_POC
- https://github.com/EmadYaY/CVE-2023-3460
- https://github.com/Fire-Null/CVE-2023-3460
- https://github.com/Fire-Null/Write-Ups
- https://github.com/LUUANHDUC/KhaiThacLoHongPhanMem
- https://github.com/Rajneeshkarya/CVE-2023-3460
- https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
- https://github.com/diego-tella/CVE-2023-3460
- https://github.com/gbrsh/CVE-2023-3460
- https://github.com/hheeyywweellccoommee/CVE-2023-3460-obgen
- https://github.com/hung1111234/KhaiThacLoHongPhanMem
- https://github.com/julienbrs/exploit-CVE-2023-3460
- https://github.com/motikan2010/blog.motikan2010.com
- https://github.com/netlas-io/netlas-dorks
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/ollie-blue/CVE_2023_3460
- https://github.com/rizqimaulanaa/CVE-2023-3460
- https://github.com/yon3zu/Mass-CVE-2023-3460
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-3460](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3460)`
			`![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Member&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.7%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)`

			`### Description`

			`The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.`

			`### POC`

			`#### Reference`
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`- https://wpscan.com/vulnerability/694235c7-4469-4ffd-a722-9225b19e98d7`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00
			`#### Github`
			`- https://github.com/BlackReaperSK/CVE-2023-3460_POC`
			`- https://github.com/EmadYaY/CVE-2023-3460`
			`- https://github.com/Fire-Null/CVE-2023-3460`
			`- https://github.com/Fire-Null/Write-Ups`
			`- https://github.com/LUUANHDUC/KhaiThacLoHongPhanMem`
			`- https://github.com/Rajneeshkarya/CVE-2023-3460`
			`- https://github.com/abrahim7112/Vulnerability-checking-program-for-Android`
			`- https://github.com/diego-tella/CVE-2023-3460`
			`- https://github.com/gbrsh/CVE-2023-3460`
			`- https://github.com/hheeyywweellccoommee/CVE-2023-3460-obgen`
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`- https://github.com/hung1111234/KhaiThacLoHongPhanMem`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/julienbrs/exploit-CVE-2023-3460`
			`- https://github.com/motikan2010/blog.motikan2010.com`
			`- https://github.com/netlas-io/netlas-dorks`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/ollie-blue/CVE_2023_3460`
			`- https://github.com/rizqimaulanaa/CVE-2023-3460`
			`- https://github.com/yon3zu/Mass-CVE-2023-3460`