WordPress Plugin Vulnerabilities

Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation

Description

The plugin does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.

Proof of Concept

Affects Plugins

Plugin icon
ultimate-member
Fixed in 2.6.7

References

CVE
CVE-2023-3460
URL
https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Unknown, Marc Montpas
Verified
Yes
WPVDB ID
694235c7-4469-4ffd-a722-9225b19e98d7

Timeline

Publicly Published
2023-06-29 (about 2 years ago)
Added
2023-06-29 (about 2 years ago)
Last Updated
2023-07-03 (about 2 years ago)

Other

Published
Title
Published
2025-03-31
Title
SMS Alert Order Notifications < 3.8.0 - Unauthenticated Account Takeover/Privilege Escalation
Published
2025-04-17
Title
Quentn WP < 1.2.9 - Unauthenticated Privilege Escalation
Published
2025-10-06
Title
Sonaar < 4.27.5 - Subscriber+ Privilege Escalation
Published
2020-03-25
Title
All-in-One WP Migration < 7.15 - Arbitrary Backup Download
Published
2025-04-24
Title
Vikinger < 1.9.31 - Authenticated (Subscriber+) Privilege Escalation via 'vikinger_user_meta_update_ajax'