Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin, CVE-2023-3460

CVE, Research URL: CVE-2023-3460
Home page URL: Security reports for Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Application: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Published on: Jul 04, 2023
Research Description: The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
Affected versions: max 2.6.9.
Status: vulnerable

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &amp; Membership Plugin, CVE-2023-3460