Severity
High
Analysis Summary
CVE-2023-3460
A critical vulnerability in the Ultimate Member plugin allows an unauthenticated attacker to register as an administrator and take full control of the website. The problem lies in the plugin's registration form. In this form it appears possible to change certain values for the account being registered. These include the “wp_capabilities” value, which determines the user’s role on the website.
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-3460
Affected Vendors
WordPress
Affected Products
- Ultimate Member Plugin
Remediation
Upgrade to the latest version of the Ultimate Member plugin for WordPress, available from the WordPress Plugin Directory.
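
Because the flaw lets a registration set “wp_capabilities”, existing administrator accounts are worth reviewing alongside the upgrade. The following is an added example, not code from Rewterz or the plugin: it parses “wp_capabilities” values exported from the database and flags administrators missing from an expected list. It assumes the default `wp_` table prefix and rows exported as (user_login, user_registered, wp_capabilities); the function names and sample rows are constructed for illustration.

```python
import re

# Added example. Assumes the default table prefix, so roles live in the
# usermeta key "wp_capabilities" as a PHP-serialized array such as
#   a:1:{s:13:"administrator";b:1;}
OUTER_RE = re.compile(r'a:(\d+):\{(.*)\}', re.S)
ENTRY_RE = re.compile(r's:(\d+):"([^"]*)";(?:b:[01]|i:-?\d+|s:\d+:"[^"]*");')

def parse_capability_keys(value):
    """Return the role/capability names stored in a wp_capabilities value."""
    outer = OUTER_RE.fullmatch(value.strip())
    if outer is None:
        raise ValueError("not a serialized PHP array")
    count, body = int(outer.group(1)), outer.group(2)
    keys, pos = [], 0
    for m in ENTRY_RE.finditer(body):
        # Entries must be contiguous and each length prefix must match its key.
        if m.start() != pos or int(m.group(1)) != len(m.group(2).encode()):
            break
        keys.append(m.group(2))
        pos = m.end()
    if pos != len(body) or len(keys) != count:
        raise ValueError("malformed or unsupported entry")
    return set(keys)

def audit_admins(rows, expected_admins):
    """Flag accounts to review: unexpected administrators and unparseable values.

    rows: (user_login, user_registered, wp_capabilities) tuples.
    expected_admins: logins the site owner knows should be administrators.
    """
    findings = []
    for login, registered, caps in rows:
        try:
            keys = parse_capability_keys(caps)
        except ValueError as exc:
            findings.append((login, registered, f"review manually: {exc}"))
            continue
        # The key alone is checked, so the stored value cannot hide the role.
        if "administrator" in keys and login not in expected_admins:
            findings.append((login, registered, "administrator not on expected list"))
    return sorted(findings, key=lambda f: f[1], reverse=True)  # newest first

# Constructed sample rows (not real data).
SAMPLE_ROWS = [
    ("site-owner", "2021-03-02 09:14:00", 'a:1:{s:13:"administrator";b:1;}'),
    ("alice", "2023-05-11 17:40:21", 'a:1:{s:10:"subscriber";b:1;}'),
    ("newuser01", "2023-06-29 03:12:45", 'a:1:{s:13:"administrator";s:1:"1";}'),
    ("legacy", "2023-06-30 10:00:00", "administrator"),
]

if __name__ == "__main__":
    for finding in audit_admins(SAMPLE_ROWS, {"site-owner"}):
        print(*finding, sep=" | ")
```

Values the parser cannot read are reported for manual review rather than skipped, so an unexpected encoding never passes silently.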