Security Advisory

CVE-2023-3460

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-07-04 07:23:28

Last updated 2024-11-25 16:47:17

Assigner WPScan

State PUBLISHED

Description

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.

← Browse all CVEs View on cve.org ↗