{"vulnerability": "cve-2023-3460", "sightings": [{"uuid": "abc79792-9c6e-4479-88f8-e7feb874fba6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lvhzpxrrnw2q", "content": "", "creation_timestamp": "2025-08-03T06:15:46.264634Z"}, {"uuid": "c3168158-b4ab-424b-a4fb-2daf5441a60c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34600", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4571", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-34600\nURL\uff1ahttps://github.com/costacoco/Adiscon\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-06-16T08:42:39.000000Z"}, {"uuid": "189c2eca-5530-421e-a6b9-40cb1ecd0e2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:01.000000Z"}, {"uuid": "68e5e8ed-384e-4cc2-a042-e0eb60366ae0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lvm3qfymt225", "content": "", "creation_timestamp": "2025-08-04T21:02:26.931019Z"}, {"uuid": "086cfe05-28ef-4829-aa25-45c783ef6dc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4689", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aExploit for CVE-2023-3460. Unauthorized admin access for Ultimate Member plugin < v2.6.7\nURL\uff1ahttps://github.com/gbrsh/CVE-2023-3460\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-05T13:57:51.000000Z"}, {"uuid": "a03501a9-f657-454d-8efa-d07c1410675b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4724", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-3460\nURL\uff1ahttps://github.com/Fire-Null/CVE-2023-3460\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-11T12:55:42.000000Z"}, {"uuid": "e8afd2ee-e8f3-4248-93e2-9577f786fc8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4714", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aMass CVE-2023-3460.\nURL\uff1ahttps://github.com/yon3zu/Mass-CVE-2023-3460\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-09T16:58:57.000000Z"}, {"uuid": "94be1907-f3cb-4558-a916-8d70f4d3a603", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4925", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aGitHub repository for CVE-2023-3460 
POC\nURL\uff1ahttps://github.com/BlackReaperSK/CVE-2023-3460_POC\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-15T18:59:21.000000Z"}, {"uuid": "38d56e59-28ea-4b50-98b4-112d96bb9794", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "Telegram/ob3ApfAE6EHI6NjLbS_XCsia6s8iqNv2KsBh3QeTlw", "content": "", "creation_timestamp": "2023-08-08T11:22:05.000000Z"}, {"uuid": "812937ea-a576-49b4-a8b5-b944a5f50a62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "Telegram/DRH-CbZo7gKaJp6e4sRAX_WtNevOE1gzfcn9exSBM5ol164", "content": "", "creation_timestamp": "2025-07-23T03:00:11.000000Z"}, {"uuid": "7f79ad2a-480f-48df-ae71-57862e0b7571", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3121", "content": "25 Tools \ud83d\udd27 \ud83d\udd27 - Hackers Factory\n\n\u200b\u200bstratosphere\n\nA free and open source #OSINT platform that automatically collects every page you visit, building a private knowledge base you can analyze with Jupyter notebooks and an extensible suite of web apps including:\n\n\u2022 LinkedIn contacts and companies explorer: Explore previously browsed LinkedIn profiles and companies\n\u2022 Google search results: Review your past Google search results\n\u2022 vk.com contacts explorer: Explore previously seen vk.com contacts, highlighting their connections\n\u2022 Flows overview: Overview of web traffic intercepted in the last 10 minutes\n\nhttps://github.com/elehcimd/stratosphere\n\n#cybersecurity #infosec\n\n\u200b\u200bFreeroute\n\nA traffic router which can 
direct traffic to different gateways based on destination domain. It is designed to be used in conjunction with a VPN client such as OpenVPN, to allow traffic to be routed to the VPN or directly to the internet.\n\nhttps://github.com/admitrievsky/freeroute\n\n#cybersecurity #infosec #privacy\n\n\u200b\u200bCVE-2023-2255\n\nRemote documents loaded without prompt via IFrame\n\nhttps://github.com/elweth-sec/CVE-2023-2255\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-32235\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder.\n\nhttps://github.com/VEEXH/Ghost-Path-Traversal-CVE-2023-32235-\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bEasyScan\n\nA Python script that analyzes the security of a given website by inspecting its HTTP headers and DNS records. The script generates a security report with recommendations for addressing potential vulnerabilities.\n\nhttps://github.com/introvertmac/EasyScan\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCloudPrivs\n\nDetermine privileges from cloud credentials via brute-force testing.\n\nhttps://github.com/AbstractClass/CloudPrivs\n\n#infosec #pentesting #redteam\n\nBadZure\n\nBadZure orchestrates the setup of Azure Active Directory tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths.\n\nhttps://github.com/mvelazc0/BadZure\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-3460\n\nUnauthorized admin access for Ultimate Member plugin POC.\n\nhttps://github.com/Fire-Null/CVE-2023-3460\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bNoSQL Injection\n\nThe Power of Secure Coding Practices: Safeguarding MongoDB Against Exploitation.\n\nhttps://github.com/kiliczsh/nosql-injection\n\n#cybersecurity #infosec\n\n\u200b\u200bFindmytakeover\n\nFind dangling domains in a multi cloud 
environment.\n\nhttps://github.com/anirudhbiyani/findmytakeover\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bCVE-2023-35803\n\nPoC Exploit for CVE-2023-35803 Unauthenticated Buffer Overflow in Aerohive HiveOS/Extreme Networks IQ Engine.\n\nhttps://github.com/lachlan2k/CVE-2023-35803\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bPerfExec Tooling PoC\n\nThe code is not super clean but project contains an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.\n\nhttps://github.com/0xthirteen/PerfExec\n\n#cybersecurity #infosec\n\n\u200b\u200bSharpDXWebcam \n\nUtilizing the DirectX and DShowNET assemblies to record video from the host's webcam.\n\nhttps://github.com/snovvcrash/SharpDXWebcam\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bDocumentSpark\n\nSimple secure document viewing server. Converts a document to a picture of its pages. Content disarm and reconstruction. CDR. Formerly p2. The CDR solution for BrowserBox Pro remote browser isolation.\n\nhttps://github.com/dosyago/documentspark\n\n#cybersecurity #infosec\n\n\u200b\u200bVenera Framework\n\nA tool for automating customized tests and attacks against many kinds of protocol. 
It relies on a scripting engine based on the Lua scripting language that makes it possible to create modules for all types of checks and exploits.\n\nhttps://github.com/farinap5/Venera\n\n#infosec #pentesting #redteam\n\n\u200b\u200bNavgix\n\nA multi-threaded golang tool that will check for nginx alias traversal vulnerabilities.\n\nhttps://github.com/hakaioffsec/navgix\n\n#infosec #pentesting #bugbounty\n\n1/2", "creation_timestamp": "2023-07-15T21:16:33.000000Z"}, {"uuid": "5bc86887-94a5-4f76-8806-2b55f56b4d5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "exploited", "source": "https://t.me/KomunitiSiber/434", "content": "Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts\nhttps://thehackernews.com/2023/07/unpatched-wordpress-plugin-flaw-could.html\n\nAs many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin.\nThe flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version (2.6.6) that was released on June 29, 2023.\nUltimate Member is a\u00a0popular plugin\u00a0that facilitates the", "creation_timestamp": "2023-07-01T10:08:32.000000Z"}, {"uuid": "4f52c5a3-1542-40b8-9476-3a4d31d7fbd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "Telegram/41x0ehRtyui5A33qllbmBSIYGP1YCNYajGC18j35qll50w", "content": "", "creation_timestamp": "2023-07-21T16:28:58.000000Z"}, {"uuid": "6225ef83-5598-4ec5-9c4c-7de5d820c2ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", 
"source": "Telegram/rGdLu2prUteoBMl8FutBNCc-vbsw26vDKJnnnmk9ykuzQg", "content": "", "creation_timestamp": "2023-07-29T10:45:55.000000Z"}, {"uuid": "c50a08cb-9e88-475a-b63e-ee6e4c8d0d29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4743", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aExploit for CVE-2023-3460\nURL\uff1ahttps://github.com/diego-tella/CVE-2023-3460\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-07-12T21:42:09.000000Z"}, {"uuid": "f5c3eac9-1d0d-49bb-8c1c-8b9bd03000fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "exploited", "source": "Telegram/vw4q6NnEIDAikhiaBRh2TpobzFy-NsIM6uQF5QGqkBjq1IU", "content": "", "creation_timestamp": "2023-07-01T16:55:07.000000Z"}, {"uuid": "2002e918-ab5e-4e97-818e-205078194dbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "exploited", "source": "Telegram/Yszv2jyeE0CnNzq0woty3nqxD61AnKOo31Nn45cNOjLlGA", "content": "", "creation_timestamp": "2023-07-01T10:40:12.000000Z"}, {"uuid": "37c0410a-2a2b-4351-9e5a-0968b40bd891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3920", "content": "\ud83d\udd30\ud83d\udc7eCVE-2023-3460 - Unauthorized admin access for Ultimate Member plugin POC : https://system32.ink/cve-2023-3460-unauthorized-admin-access-for-ultimate-member-plugin-poc/\n\n\ud83c\udf2a\ufe0f\ud83d\udca5SQLiv - Massive SQL Injection 
Scanner Tool : https://system32.ink/sqliv-massive-sql-injection-scanner-tool/\n\n\u2623\ufe0f\ud83c\udf2a\ufe0fGlobant Argentina IT Company leak : https://system32.ink/globant-argentina-it-company-leak/\n\n\u2b50\ud83d\udd30Equipo_io Data Leak : https://system32.ink/equipo.io-data-leak/\n\n\u26a1\ud83c\udf2a\ufe0f550k Thailand ID-Card Data ! | 2023 : https://system32.ink/550k-thailand-id-card-data-2023/\n\n\u2b50\ud83d\udc7eSanmina Corporation Leak : https://system32.ink/sanmina-corporation-leak/\n\n@crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-07-21T16:28:09.000000Z"}, {"uuid": "84d75d02-a7bf-4410-9975-3868a14317c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "seen", "source": "https://t.me/Securi3yTalent/104", "content": "\ud83d\udea8 A critical unpatched security vulnerability in the Ultimate Member plugin is leaving approximately 200,000 WordPress websites vulnerable to ongoing attacks.\n---\n\u2699\ufe0f\ud83d\udd0dVulnerability Details :\nThe vulnerability, identified as CVE-2023-3460 with a CVSS score of 9.8, affects all versions of the Ultimate Member plugin, including the latest release (2.6.6) on June 29, 2023.\n---\n\ud83d\udcdd Description :\nUnauthenticated attackers can exploit this vulnerability to create new user accounts with administrative privileges, granting them complete control over compromised sites. This is a serious issue highlighted by WordPress security firm WPScan.\nPartial fixes have been issued by the plugin maintainers in versions 2.6.4, 2.6.5, and 2.6.6. 
However, WPScan warns that these patches are incomplete, allowing attackers to find ways to bypass them.\n\nMore About: \nhttps://www.facebook.com/devmehedi101", "creation_timestamp": "2023-07-01T15:26:35.000000Z"}, {"uuid": "5f0810cf-e0e3-4d1c-9d0e-874ff5921774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/941", "content": "", "creation_timestamp": "2023-07-25T06:11:28.000000Z"}, {"uuid": "83ec4a29-dbc5-42bb-99d5-eea969db0779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3892", "content": "\ud83d\udd30\ud83d\udc7eCVE-2023-3460 - Unauthorized admin access for Ultimate Member plugin POC : https://system32.ink/cve-2023-3460-unauthorized-admin-access-for-ultimate-member-plugin-poc/\n\n\ud83c\udf2a\ufe0f\ud83d\udca5SQLiv - Massive SQL Injection Scanner Tool : https://system32.ink/sqliv-massive-sql-injection-scanner-tool/\n\n\u2623\ufe0f\ud83c\udf2a\ufe0fGlobant Argentina IT Company leak : https://system32.ink/globant-argentina-it-company-leak/\n\n\u2b50\ud83d\udd30Equipo_io Data Leak : https://system32.ink/equipo.io-data-leak/\n\n\u26a1\ud83c\udf2a\ufe0f550k Thailand ID-Card Data ! 
| 2023 : https://system32.ink/550k-thailand-id-card-data-2023/\n\n\u2b50\ud83d\udc7eSanmina Corporation Leak : https://system32.ink/sanmina-corporation-leak/\n\n@crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-07-14T16:06:51.000000Z"}, {"uuid": "d55e0a8e-a32e-4e4b-b41a-abed260384f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "exploited", "source": "https://t.me/cibsecurity/65931", "content": "\u203c CVE-2023-3460 \u203c\n\nThe Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-04T12:28:26.000000Z"}, {"uuid": "2a893105-4e85-476d-840c-515c50abfd2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "exploited", "source": "https://t.me/true_secator/4570", "content": "\u0425\u0430\u043a\u0435\u0440\u044b \u043d\u0430\u0446\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u043d\u0430 0-day \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 WordPress \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Ultimate Member \u0434\u043b\u044f \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0439 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0430\u0439\u0442\u043e\u0432.\n\n\u041f\u043b\u0430\u0433\u0438\u043d Ultimate Member \u0434\u043b\u044f \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u0438 
\u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0441\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432 \u043d\u0430 \u0441\u0430\u0439\u0442\u0430\u0445 WordPress \u0438\u043c\u0435\u0435\u0442 \u0431\u043e\u043b\u0435\u0435\u00a0200 000 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u043a.\n\nCVE-2023-3460 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9,8 \u0438 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c\u043e\u0433\u043e \u043c\u043e\u0434\u0443\u043b\u044f Ultimate Member, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0441\u0430\u043c\u0443\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044e\u044e v2.6.6.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0432\u0441\u0435 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 2.6.3, 2.6.4, 2.6.5 \u0438 2.6.6, \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0435\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f.\u00a0\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0440\u0430\u0431\u043e\u0442\u0443 \u043d\u0430\u0434 \u0440\u0435\u0448\u0435\u043d\u0438\u0435\u043c \u0438 \u043d\u0430\u0434\u0435\u044e\u0442\u0441\u044f \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043d\u043e\u0432\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 
\u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f.\n\n\u0410\u0442\u0430\u043a\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Wordfence, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438, \u043a\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u044e\u0442 \u043c\u0435\u0442\u0430-\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u00abwp_capabilities\u00bb \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0430\u0432 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0438 \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u0441\u0430\u0439\u0442\u0443.\n\n\u0423 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u0435\u0441\u0442\u044c \u0447\u0435\u0440\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u043a\u043b\u044e\u0447\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0435 \u0434\u043e\u043b\u0436\u043d\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c;\u00a0\u043e\u0434\u043d\u0430\u043a\u043e \u043e\u0431\u043e\u0439\u0442\u0438 \u044d\u0442\u0443 \u043c\u0435\u0440\u0443 \u0437\u0430\u0449\u0438\u0442\u044b \u0442\u0440\u0438\u0432\u0438\u0430\u043b\u044c\u043d\u043e, \u0433\u043e\u0432\u043e\u0440\u0438\u0442 Wordfence.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 
\u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u043c, WordFence \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044c Ultimate Member.\n\nWordfence \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u0435\u0442, \u0447\u0442\u043e \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 \u043d\u0435 \u043e\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u044e\u0442 \u0432\u0441\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u0435\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c \u0441\u043f\u043e\u0441\u043e\u0431\u043e\u043c \u0437\u0430\u0449\u0438\u0442\u044b.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0435\u0441\u043b\u0438 \u0441\u0430\u0439\u0442 \u0431\u044b\u043b \u0443\u0436\u0435 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d, \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u0431\u0443\u0434\u0435\u0442 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0440\u0438\u0441\u043a\u0430. 
\u0412 \u044d\u0442\u0438\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u044b \u0434\u043e\u043b\u0436\u043d\u044b \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u043e\u043b\u043d\u043e\u0435 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u0438 \u0434\u0435\u0430\u043a\u0442\u0438\u0432\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0430\u0434\u043c\u0438\u043d\u0441\u043a\u0438\u0435 \u0443\u0447\u0435\u0442\u043a\u0438.", "creation_timestamp": "2023-07-03T12:18:08.000000Z"}, {"uuid": "f05007be-c0ad-48ef-9587-30abb14c0cd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/4158", "content": "\ud83d\udd30\ud83d\udc7eCVE-2023-3460 - Unauthorized admin access for Ultimate Member plugin POC : https://system32.ink/cve-2023-3460-unauthorized-admin-access-for-ultimate-member-plugin-poc/\n\n\ud83c\udf2a\ufe0f\ud83d\udca5SQLiv - Massive SQL Injection Scanner Tool : https://system32.ink/sqliv-massive-sql-injection-scanner-tool/\n\n\u2623\ufe0f\ud83c\udf2a\ufe0fGlobant Argentina IT Company leak : https://system32.ink/globant-argentina-it-company-leak/\n\n\u2b50\ud83d\udd30Equipo_io Data Leak : https://system32.ink/equipo.io-data-leak/\n\n\u26a1\ud83c\udf2a\ufe0f550k Thailand ID-Card Data ! 
| 2023 : https://system32.ink/550k-thailand-id-card-data-2023/\n\n\u2b50\ud83d\udc7eSanmina Corporation Leak : https://system32.ink/sanmina-corporation-leak/\n\n@crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-08-23T23:03:42.000000Z"}, {"uuid": "b6306f3d-bf09-421a-92a1-fed9b1ecb67c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "Telegram/kkgGLOvwt5TeWVq-iEEdcGW8tPJcBdQmOFJVR_fmIWKPjck", "content": "", "creation_timestamp": "2023-08-09T20:19:10.000000Z"}, {"uuid": "edacb690-112d-41bf-b52e-d6dcc7abb622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "seen", "source": "https://t.me/secmedia/1213", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043b\u0430\u0433\u0438\u043d\u0430 Ultimate Member \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u043d\u0430 WordPress. 
\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c CVE-2023-3460 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043d\u0435 \u043f\u0440\u043e\u0441\u0442\u043e \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043d\u043e\u0432\u0443\u044e \u0443\u0447\u0435\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u043d\u0430 \u0441\u0430\u0439\u0442\u0435, \u043d\u043e \u043d\u0430\u0434\u0435\u043b\u0438\u0442\u044c \u0435\u0435 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430. \u0418 \u0432\u0441\u0435 \u044d\u0442\u043e \u2014 \u0432 \u043e\u0431\u0445\u043e\u0434 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b \u0438 \u0431\u0435\u0437 \u0432\u0435\u0434\u043e\u043c\u0430 \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430.", "creation_timestamp": "2023-07-03T17:02:06.000000Z"}, {"uuid": "41b437cd-fbbd-4f92-a059-e8c69fa6ca52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34603", "type": "seen", "source": "https://t.me/cibsecurity/65331", "content": "\u203c CVE-2023-34603 \u203c\n\nJeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-19T12:30:24.000000Z"}, {"uuid": "798123cd-00c2-4c4f-a05c-44fbbd706a21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "exploited", "source": "https://t.me/anti_malware/15361", "content": 
"\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2023-3460 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 Ultimate Member \u0434\u043b\u044f WordPress \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043d\u0430 \u0441\u0430\u0439\u0442 \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0432 \u043e\u0431\u0445\u043e\u0434 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0443\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u044d\u0442\u0443 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0438 \u0432\u0437\u044f\u043b\u0438 \u043d\u0430 \u0432\u043e\u043e\u0440\u0443\u0436\u0435\u043d\u0438\u0435.", "creation_timestamp": "2023-08-25T17:35:45.000000Z"}, {"uuid": "39b5b57d-dd52-4635-a87a-4f1d4463dd98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3460", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8659", "content": "#exploit\n1. CVE-2023-29298:\nAdobe ColdFusion Access Control Bypass\nhttps://www.rapid7.com/blog/post/2023/07/11/cve-2023-29298-adobe-coldfusion-access-control-bypass\n\n2. XAMPP 8.2.4 - Unquoted Path\nhttps://seclists.org/fulldisclosure/2023/Jul/18\n\n3. CVE-2023-3460:\nUnauthorized admin access for Ultimate Member plugin POC\nhttps://github.com/Fire-Null/CVE-2023-3460", "creation_timestamp": "2023-07-13T11:01:01.000000Z"}]}