CVE-2023-3460
📋 TL;DR
The Ultimate Member WordPress plugin before version 2.6.7 contains a critical vulnerability that allows unauthenticated attackers to create user accounts with administrator privileges. This affects all WordPress sites running vulnerable versions of the plugin, potentially compromising the entire site.
💻 Affected Systems
- Ultimate Member WordPress Plugin
📦 What is this software?
Ultimate Member by Ultimatemember
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover - attackers gain full administrative control, can deface the site, steal data, install malware, or use the site for further attacks.
Likely Case
Attackers create backdoor administrator accounts to maintain persistent access, leading to data theft, malware distribution, or site defacement.
If Mitigated
With proper monitoring and access controls, unauthorized admin accounts could be detected and removed before significant damage occurs.
🎯 Exploit Status
Actively exploited in the wild with automated attacks targeting vulnerable WordPress sites.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.7
Vendor Advisory: https://wordpress.org/plugins/ultimate-member/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find the Ultimate Member plugin.
4. Click 'Update Now' if available.
5. If not, download version 2.6.7+ from WordPress.org and update manually.
🔧 Temporary Workarounds
Disable Ultimate Member Plugin
Temporarily disable the vulnerable plugin until patching is possible.
wp plugin deactivate ultimate-member
Restrict User Registration
Disable user registration in WordPress settings if it is not required.
🧯 If You Can't Patch
- Implement Web Application Firewall (WAF) rules to block registration requests that attempt to set an administrator role or capabilities
- Enable detailed logging of user registration events and monitor for suspicious admin account creation
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Ultimate Member → Version number. If version is below 2.6.7, you are vulnerable.
Check Version:
wp plugin get ultimate-member --field=version
Verify Fix Applied:
Verify Ultimate Member plugin version is 2.6.7 or higher in WordPress admin panel.
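The version check and update above can be scripted with WP-CLI. The following is an added example, not part of the advisory or of the plugin: it compares the installed Ultimate Member version against the fixed release 2.6.7 (from the advisory) and updates the plugin if it is older. It assumes WP-CLI (`wp`) is installed and that the script is run from the WordPress root; the plugin slug `ultimate-member` is the one used on this page.

```shell
#!/bin/sh
# Added example: check and update Ultimate Member with WP-CLI.
# Assumes WP-CLI is installed and the current directory is the WordPress root.

FIXED_VERSION="2.6.7"   # first patched release per the advisory

# Return 0 if dotted version $1 is strictly lower than $2, else 1.
# Compares field by field; non-numeric suffixes such as "-beta" are dropped.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah="${a%%.*}"; bh="${b%%.*}"
        if [ "$a" = "$ah" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$bh" ]; then b=""; else b="${b#*.}"; fi
        ah="${ah%%[!0-9]*}"; bh="${bh%%[!0-9]*}"
        ah="${ah:-0}"; bh="${bh:-0}"
        if [ "$ah" -lt "$bh" ]; then return 0; fi
        if [ "$ah" -gt "$bh" ]; then return 1; fi
    done
    return 1
}

# Print "vulnerable" if the given version is below the fixed release, else "patched".
classify_version() {
    if version_lt "$1" "$FIXED_VERSION"; then echo vulnerable; else echo patched; fi
}

# Query the live install and update the plugin when it is still vulnerable.
check_and_update() {
    if ! command -v wp >/dev/null 2>&1; then
        echo "wp-cli not found; run this on the WordPress host" >&2
        return 2
    fi
    current="$(wp plugin get ultimate-member --field=version)" || return 2
    case "$(classify_version "$current")" in
        vulnerable)
            echo "Ultimate Member $current is below $FIXED_VERSION: updating"
            wp plugin update ultimate-member
            ;;
        patched)
            echo "Ultimate Member $current is at or above $FIXED_VERSION"
            ;;
    esac
}

# Only touch the live site when explicitly asked: sh check-um.sh --run
if [ "${1:-}" = "--run" ]; then check_and_update; fi
```

Run it with `--run` on the WordPress host; after the update, re-run without arguments and call `classify_version "$(wp plugin get ultimate-member --field=version)"` to confirm it now reports `patched`.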
📡 Detection & Monitoring
Log Indicators:
- Unusual user registration events, especially with administrator role
- Multiple failed login attempts followed by successful admin login from new accounts
Network Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with user registration parameters
- Traffic patterns showing mass registration attempts
SIEM Query:
source="wordpress.log" AND ("user_registered" OR "new_user") AND ("administrator" OR "role=administrator")
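As an added example (not part of the advisory), the log and network indicators above can be applied to a WordPress activity log with standard shell tools. The log lines below are constructed for illustration, and the field names `user_registered`, `new_user`, `role=` and `ip=` are assumptions that mirror the SIEM query; real logging plugins use their own formats, so adjust the patterns accordingly.

```shell
#!/bin/sh
# Added example: apply the advisory's detection indicators to a WordPress log.
# Constructed sample log; field names are assumed and will differ per logging plugin.
SAMPLE_LOG="$(cat <<'EOF'
2023-07-01T10:02:11Z INFO user_registered user=alice role=subscriber ip=203.0.113.10
2023-07-01T10:03:45Z INFO new_user user=bob role=subscriber ip=203.0.113.11
2023-07-01T10:04:02Z INFO user_registered user=wpadm1n role=administrator ip=198.51.100.7
2023-07-01T10:04:03Z INFO user_registered user=wpadm2n role=administrator ip=198.51.100.7
2023-07-01T10:05:19Z INFO wp_login user=alice ip=203.0.113.10
2023-07-01T10:06:00Z INFO role_changed user=carol role=administrator by=admin
EOF
)"

# Log indicator: registration events that carry the administrator role.
# This is the shell equivalent of the advisory's SIEM query. Reads stdin,
# prints matching lines; a non-registration role change (last line) is ignored.
admin_registrations() {
    grep -E 'user_registered|new_user' | grep -E 'role=administrator'
}

# Network/traffic indicator: source IPs with more than $1 registration events,
# printed as "<ip> <count>". Reads stdin.
mass_registration_ips() {
    threshold="${1:-1}"
    grep -E 'user_registered|new_user' \
    | awk -v t="$threshold" '{
        for (i = 1; i <= NF; i++) if ($i ~ /^ip=/) { sub(/^ip=/, "", $i); n[$i]++ }
      } END { for (ip in n) if (n[ip] > t) print ip, n[ip] }'
}

# Convenience wrappers over the constructed sample log.
count_admin_registrations() {
    printf '%s\n' "$SAMPLE_LOG" | admin_registrations | wc -l | tr -d ' '
}
sample_mass_registration_ips() {
    printf '%s\n' "$SAMPLE_LOG" | mass_registration_ips "${1:-1}"
}

# Stand-alone run: report both indicators for the sample log.
echo "admin registrations: $(count_admin_registrations)"
echo "sources above threshold: $(sample_mass_registration_ips 1)"
```

Against a real log, pipe the file into the two functions (`admin_registrations < wordpress.log`); any admin-role registration is worth an alert on its own, since the plugin's registration form should never produce one.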
🔗 References
- https://blog.wpscan.com/hacking-campaign-actively-exploiting-ultimate-member-plugin/
- https://wpscan.com/vulnerability/694235c7-4469-4ffd-a722-9225b19e98d7