Critical severity9.8NVD Advisory· Published Jul 4, 2023· Updated Jun 17, 2026
CVE-2023-3460
CVE-2023-3460
Description
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <2.6.7
Patches
Vulnerability mechanics
References
2- wpscan.com/vulnerability/694235c7-4469-4ffd-a722-9225b19e98d7nvdExploitPatch
- blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.