Ultimate Member <2.6.7 - Privilege Escalation
Exploitation Summary
CVE-2023-3460 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 12 public exploits from researchers including Gurjot Singh, gbrsh, diego-tella. A Nuclei detection template is also available.
AI-analyzed exploit summary
This exploit demonstrates a privilege escalation vulnerability in the Ultimate Member WordPress plugin by manipulating the `wp_capabilities` parameter during registration to grant administrator privileges to a newly created user.
Description
The Ultimate Member WordPress plugin before 2.6.7 does not prevent unauthenticated visitors from registering accounts with arbitrary capabilities: the plugin's blocklist of user-meta keys that must not be settable from the registration form (the `is_metakey_banned` check) can be bypassed, so a visitor can submit a `wp_capabilities` value that makes the new account an administrator. No existing account or interaction from a site user is required. The vulnerability is actively exploited in the wild.
Exploits (12)
This exploit demonstrates a privilege escalation vulnerability in the Ultimate Member WordPress plugin by manipulating the `wp_capabilities` parameter during registration to grant administrator privileges to a newly created user.
This exploit targets CVE-2023-3460 in the Ultimate Member WordPress plugin, allowing unauthorized admin account creation by manipulating the registration form with a crafted nonce and capabilities parameter.
This exploit PoC automates the creation of an administrator account in WordPress sites using the Ultimate Member plugin (versions < 2.6.7) by leveraging CVE-2023-3460, which allows arbitrary capability assignment during user registration. It includes version checking and nonce extraction for proper exploitation.
This repository is tagged CVE-2023-3460 but its contents do not match this CVE: the code demonstrates a UNION-based SQL injection in the WordPress YAWPP plugin, with authentication, payload injection, and data exfiltration steps, not the Ultimate Member privilege escalation. Treat it as mislabelled.
This is a functional PoC exploit for CVE-2023-3460, which allows unauthenticated users to create an administrator account in WordPress Ultimate Member plugin by manipulating registration form data. The script automates the process of fetching CSRF tokens and injecting malicious payloads to escalate privileges.
This exploit targets CVE-2023-3460 in the Ultimate Member WordPress plugin (versions < 2.6.7) by leveraging a privilege escalation vulnerability to create an admin user. It automates the process by extracting a nonce and submitting a crafted registration form with admin capabilities.
This repository contains a working exploit for CVE-2023-3460, an unauthenticated arbitrary user creation vulnerability in Ultimate Member <= 2.6.6. The exploit creates an admin user by manipulating form data and nonce values.
This repository contains a detailed writeup and analysis of CVE-2023-3460, a critical vulnerability in the Ultimate Member WordPress plugin that allows unauthorized admin access. The README provides an in-depth explanation of the vulnerability mechanism, security implications, and mitigation strategies.
This PoC exploits CVE-2023-3460, an unauthorized admin access vulnerability in the Ultimate Member WordPress plugin. It automates the creation of an admin user through the unauthenticated registration form, extracting the form nonce before submitting the crafted request.
This repository provides a detailed writeup on CVE-2023-3460, a privilege escalation vulnerability in the Ultimate Member WordPress plugin. The exploit leverages accent character obfuscation to bypass the `is_metakey_banned` function, allowing an attacker to set arbitrary user capabilities during registration.
This PoC exploits CVE-2023-3460, an unauthorized admin access vulnerability in the Ultimate Member WordPress plugin. It checks the plugin version and, if vulnerable, creates an admin user via a crafted registration request.
This exploit targets CVE-2023-3460, an unauthorized admin access vulnerability in the Ultimate Member WordPress plugin. It automates the creation of an administrator account through the unauthenticated registration form, without needing any existing credentials.
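The entries above describe the attack as setting the `wp_capabilities` meta key from the registration form, with accent-obfuscated key names slipping past an exact-match blocklist. The following is an added example (not code from the plugin or from any of the listed repositories) that contrasts a naive exact-match blocklist with one that normalizes the key before comparison, and applies the normalized check to constructed registration POST bodies as a detection rule. The banned-key set, the form field names other than `wp_capabilities`, and the sample bodies are constructed for illustration; the plugin's own blocklist and fixed code are not reproduced here.

```python
from __future__ import annotations

import unicodedata
from urllib.parse import parse_qsl

# Meta keys that must never be settable from an unauthenticated registration form.
# Constructed for this example; this is not the plugin's own list.
BANNED_META_KEYS = {"wp_capabilities", "wp_user_level"}


def is_banned_naive(meta_key: str) -> bool:
    """Exact-match blocklist: the style of check that accent/case obfuscation defeats."""
    return meta_key in BANNED_META_KEYS


def normalize_meta_key(meta_key: str) -> str:
    """Reduce a submitted key to a comparable form.

    - drop a PHP form-array suffix, so `wp_capabilities[administrator]` is checked
      as `wp_capabilities` (the name PHP would place in $_POST);
    - decompose accented characters (NFKD) and strip combining marks, so
      `wp_capabilitiés` becomes `wp_capabilities`;
    - casefold, so `WP_Capabilities` matches too.
    """
    base = meta_key.split("[", 1)[0]
    decomposed = unicodedata.normalize("NFKD", base)
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return stripped.casefold()


def is_banned_hardened(meta_key: str) -> bool:
    """Blocklist check applied to the normalized key rather than the raw string."""
    return normalize_meta_key(meta_key) in BANNED_META_KEYS


def flag_capability_injection(post_body: str) -> list[tuple[str, str]]:
    """Return (raw_key, value) pairs in a URL-encoded registration POST that target a banned key.

    parse_qsl percent-decodes the keys, so `%C3%A9` is seen as `é` before normalization.
    """
    return [
        (key, value)
        for key, value in parse_qsl(post_body, keep_blank_values=True)
        if is_banned_hardened(key)
    ]


# Constructed sample request bodies (not captured traffic).
SAMPLE_POST_BODIES = [
    # benign registration
    "user_login=alice&user_email=alice%40example.com&user_password=Str0ng-pass",
    # direct attempt using the parameter named on this page
    "user_login=mallory&wp_capabilities%5Badministrator%5D=1",
    # accent-obfuscated key (é sent as %C3%A9): an exact-match blocklist misses this
    "user_login=mallory2&wp_capabiliti%C3%A9s%5Badministrator%5D=1",
    # case variant
    "user_login=mallory3&WP_Capabilities%5Badministrator%5D=1",
]


def scan_sample_bodies() -> dict[int, list[tuple[str, str]]]:
    """Index -> flagged parameters, for every sample body that carries an attempt."""
    results = {}
    for i, body in enumerate(SAMPLE_POST_BODIES):
        hits = flag_capability_injection(body)
        if hits:
            results[i] = hits
    return results


if __name__ == "__main__":
    for key in ("wp_capabilities", "wp_capabilitiés", "WP_Capabilities[administrator]"):
        print(f"{key!r}: naive={is_banned_naive(key)} hardened={is_banned_hardened(key)}")
    for i, hits in scan_sample_bodies().items():
        print(f"body {i}: {hits}")
```

The same normalization is what a WAF or log-parsing rule needs: match on the decoded, accent-stripped, casefolded key, not on the literal string `wp_capabilities`. A stronger server-side fix is an allowlist of the form fields registration may write, rather than a denylist, since any denylist has to anticipate every encoding trick.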
Nuclei Templates (1)
Fingerprint queries from the template metadata:
Shodan: http.html:/wp-content/plugins/ultimate-member
FOFA: body=/wp-content/plugins/ultimate-member
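The fingerprint above only tells you the plugin is installed; it does not distinguish a patched 2.6.7 install from a vulnerable one. The following is an added example (not the Nuclei template or any tool from the listed repositories) that applies the same body-substring fingerprint and then gates on the version read from the plugin's WordPress.org-style `readme.txt` (`Stable tag:` line), which many sites serve from the plugin directory. The response body and readme below are constructed for illustration; the assumption that `readme.txt` is reachable, and the exact readme layout, are assumptions of this example.

```python
from __future__ import annotations

import re

PLUGIN_PATH = "/wp-content/plugins/ultimate-member"
FIXED_VERSION = (2, 6, 7)  # CVE-2023-3460 is fixed in Ultimate Member 2.6.7


def has_ultimate_member(body: str) -> bool:
    """Same test as the Nuclei/Shodan/FOFA fingerprint: the plugin asset path appears in the body."""
    return PLUGIN_PATH in body


def parse_stable_tag(readme: str) -> str | None:
    """Pull the version from the `Stable tag:` line of a WordPress plugin readme.txt."""
    m = re.search(r"^\s*Stable tag:\s*([0-9]+(?:\.[0-9]+)*)\s*$", readme,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def version_tuple(version: str) -> tuple[int, ...]:
    """Numeric components, so that 2.6.10 compares greater than 2.6.7 (string compare would not)."""
    return tuple(int(part) for part in version.split("."))


def is_vulnerable_version(version: str) -> bool:
    """True for every release below 2.6.7."""
    return version_tuple(version) < FIXED_VERSION


def assess(body: str, readme: str | None) -> str:
    """One verdict from fingerprint plus version: not-installed, installed-version-unknown,
    vulnerable, or patched."""
    if not has_ultimate_member(body):
        return "not-installed"
    if readme is None:
        return "installed-version-unknown"
    tag = parse_stable_tag(readme)
    if tag is None:
        return "installed-version-unknown"
    return "vulnerable" if is_vulnerable_version(tag) else "patched"


# Constructed sample responses (not captured from a real site).
SAMPLE_BODY = (
    '<html><head><link rel="stylesheet" '
    'href="https://example.test/wp-content/plugins/ultimate-member/assets/css/um-styles.css">'
    "</head><body>Register</body></html>"
)
SAMPLE_README = """=== Ultimate Member ===
Requires at least: 5.5
Tested up to: 6.2
Stable tag: 2.6.6
License: GPLv2 or later
"""


if __name__ == "__main__":
    print(assess(SAMPLE_BODY, SAMPLE_README))  # vulnerable
    print(assess(SAMPLE_BODY, None))           # installed-version-unknown
    print(assess("<html>plain site</html>", None))  # not-installed
```

To use this against a live target you would fetch the site's front page for `SAMPLE_BODY` and `/wp-content/plugins/ultimate-member/readme.txt` for `SAMPLE_README`; treat `installed-version-unknown` as "needs manual confirmation", since a site that blocks readme access can still be running a vulnerable build.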
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8, Critical: network-reachable, no privileges or user interaction required, full impact on confidentiality, integrity and availability)