This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: A critical **Privilege Escalation** flaw in Ultimate Member. **Consequences**: Attackers can bypass security controls to gain **Unauthorized Admin Access**.…
**Affected**: WordPress sites using the **Ultimate Member** plugin. **Version**: Versions **prior to 2.6.7**. **Component**: The user registration and profile management module of the plugin.
Q4: What can hackers do? (Privileges/Data)
**Attacker Actions**: Create new user accounts with **Arbitrary Capabilities**. **Result**: Specifically, they can create **Administrator** accounts from scratch.…
**Threshold**: **LOW**. **Auth**: **Unauthenticated**. **Config**: No login required. Any visitor can trigger the vulnerability via the registration/profile update endpoint. It is extremely easy to exploit.
Q6: Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: **YES**. **PoCs**: Multiple exploits are live on GitHub (e.g., by gbrsh, rizqimaulanaa, diego-tella). **Wild Exploitation**: Active campaigns are exploiting this, as noted in WPScan reports.…
**Self-Check**: 1. Check the plugin version in WP Admin. 2. Use CVE-2023-3460 scanner scripts (Python) to test your site. 3. Look for unauthorized admin users in the database.…
**No Patch Workaround**: 1. **Disable** the Ultimate Member plugin immediately. 2. Restrict user registration to **Admin-only** via WordPress settings. 3. Monitor user creation logs for suspicious admin accounts.…
**Urgency**: **CRITICAL**. **Priority**: **P1**. **Action**: Patch **IMMEDIATELY**. Since it allows unauthenticated admin takeover, your site is likely being scanned and compromised right now. Do not wait.