cve/2023/CVE-2023-3460.md

### [CVE-2023-3460](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3460)
![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Member&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)

### Description

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/BlackReaperSK/CVE-2023-3460_POC
- https://github.com/EmadYaY/CVE-2023-3460
- https://github.com/Fire-Null/CVE-2023-3460
- https://github.com/Fire-Null/Write-Ups
- https://github.com/LUUANHDUC/KhaiThacLoHongPhanMem
- https://github.com/Rajneeshkarya/CVE-2023-3460
- https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
- https://github.com/diego-tella/CVE-2023-3460
- https://github.com/gbrsh/CVE-2023-3460
- https://github.com/hheeyywweellccoommee/CVE-2023-3460-obgen
- https://github.com/julienbrs/exploit-CVE-2023-3460
- https://github.com/motikan2010/blog.motikan2010.com
- https://github.com/netlas-io/netlas-dorks
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/ollie-blue/CVE_2023_3460
- https://github.com/rizqimaulanaa/CVE-2023-3460
- https://github.com/yon3zu/Mass-CVE-2023-3460
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-3460](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3460)`
			`![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Member&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.7%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)`

			`### Description`

			`The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/BlackReaperSK/CVE-2023-3460_POC`
			`- https://github.com/EmadYaY/CVE-2023-3460`
			`- https://github.com/Fire-Null/CVE-2023-3460`
			`- https://github.com/Fire-Null/Write-Ups`
			`- https://github.com/LUUANHDUC/KhaiThacLoHongPhanMem`
			`- https://github.com/Rajneeshkarya/CVE-2023-3460`
			`- https://github.com/abrahim7112/Vulnerability-checking-program-for-Android`
			`- https://github.com/diego-tella/CVE-2023-3460`
			`- https://github.com/gbrsh/CVE-2023-3460`
			`- https://github.com/hheeyywweellccoommee/CVE-2023-3460-obgen`
			`- https://github.com/julienbrs/exploit-CVE-2023-3460`
			`- https://github.com/motikan2010/blog.motikan2010.com`
			`- https://github.com/netlas-io/netlas-dorks`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/ollie-blue/CVE_2023_3460`
			`- https://github.com/rizqimaulanaa/CVE-2023-3460`
			`- https://github.com/yon3zu/Mass-CVE-2023-3460`