
Rewterz Threat Advisory – CVE-2023-3460 – WordPress Ultimate Member Plugin Zero-Day Vulnerability Exploited in the Wild

Severity

High

Analysis Summary

CVE-2023-3460

A critical vulnerability in the Ultimate Member plugin allows an unauthenticated attacker to register as an administrator and take full control of the website. The problem lies in the plugin's registration form, where it appears possible to change certain values for the account being registered. These include the “wp_capabilities” value, which determines the user’s role on the website.

Impact

  • Privilege Escalation

Indicators Of Compromise

CVE

  • CVE-2023-3460

Affected Vendors

WordPress

Affected Products

  • Ultimate Member Plugin

Remediation

Upgrade to the latest version of the WordPress Ultimate Member plugin, available from the WordPress Plugin Directory.
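
As an added example (not Rewterz's or the plugin's code), the Python below audits exported user rows for recently registered accounts whose “wp_capabilities” value grants administrator, the value the analysis says the registration form lets a registrant set. The sample rows, the `REVIEW_FROM` date and the function names are assumptions constructed for illustration; the serialized format is how WordPress stores this value by default.

```python
import re
from datetime import datetime

# Constructed rows shaped like wp_users joined to wp_usermeta on
# meta_key = 'wp_capabilities': (ID, user_login, user_registered, meta_value).
SAMPLE_ROWS = [
    (1, "siteowner", "2021-03-14 09:12:00", 'a:1:{s:13:"administrator";b:1;}'),
    (42, "newmember", "2023-06-29 02:17:45", 'a:1:{s:10:"subscriber";b:1;}'),
    (43, "example_a", "2023-06-30 03:05:21", 'a:1:{s:13:"administrator";b:1;}'),
    (44, "example_b", "2023-07-01 10:00:00", 'a:1:{s:13:"administrator";b:0;}'),
    (45, "example_c", "2023-07-02 11:30:00", 'a:1:{s:5:"administrator";b:1;}'),
]
REVIEW_FROM = datetime(2023, 6, 1)  # assumed start of the review window

ARRAY = re.compile(r'a:(\d+):\{(.*)\}\Z', re.S)
ENTRY = re.compile(r's:(\d+):"([^"]*)";b:([01]);')

def parse_capabilities(meta_value):
    """Return the role/capability names set to true in a serialized value."""
    outer = ARRAY.match(meta_value)
    if not outer:
        raise ValueError("not a serialized array")
    entries = ENTRY.findall(outer.group(2))
    rebuilt = "".join('s:%s:"%s";b:%s;' % e for e in entries)
    if rebuilt != outer.group(2) or len(entries) != int(outer.group(1)):
        raise ValueError("unexpected structure")
    for length, name, _ in entries:
        if int(length) != len(name.encode("utf-8")):
            raise ValueError("declared length mismatch")
    return {name for _, name, flag in entries if flag == "1"}

def find_new_admins(rows, since):
    """Flag accounts registered on or after `since` that are administrators
    or whose capability value cannot be parsed and needs manual review."""
    findings = []
    for user_id, login, registered, meta_value in rows:
        if datetime.strptime(registered, "%Y-%m-%d %H:%M:%S") < since:
            continue
        try:
            roles = parse_capabilities(meta_value)
        except ValueError as exc:
            findings.append((user_id, login, "unparsable: %s" % exc))
            continue
        if "administrator" in roles:
            findings.append((user_id, login, "administrator"))
    return findings

if __name__ == "__main__":
    for finding in find_new_admins(SAMPLE_ROWS, REVIEW_FROM):
        print(finding)
```

Accounts registered before `REVIEW_FROM` are skipped, so move the date earlier to review every administrator on the site.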
