CVE-2023-3460 - CERT CVE
ID CVE-2023-3460
Sažetak The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
Reference
CVSS
Base: 9.8
Impact: 5.9
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW -
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH HIGH
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Zadnje važnije ažuriranje 07-11-2023 - 04:18
Objavljeno 04-07-2023 - 08:15