9.8
CVE-2023-3460
- EPSS 92.84%
- Published 04.07.2023 08:15:10
- Last modified 21.11.2024 08:17:19
- Source contact@wpscan.com
Ultimate Member <= 2.6.6 - Privilege Escalation via Arbitrary User Meta Updates
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
Possible mitigation
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin: Update to version 2.6.7, or a newer patched version
Further vulnerability information
- System: WordPress Plugin
- Product: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
- Version: *-2.6.6
Data provided by the National Vulnerability Database (NVD)
Ultimatemember ≫ Ultimate Member, SwPlatform: wordpress, Version < 2.6.7

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 92.84% | 0.998 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |