Exploit for CVE-2023-3460 - Unauthorized admin access for Ultimate Member plugin. Made with Golang
DISCLAIMER

This Proof of Concept (PoC) has been developed for educational and research purposes only. Its intention is to explore potential security vulnerabilities and raise awareness about them.

USAGE DISCLAIMER:
Any use of this PoC on systems or websites you do not have explicit authorization for may violate ethical standards and legal regulations.

USAGE AT YOUR OWN RISK:
Using this PoC on unauthorized systems or websites may lead to legal consequences. Always obtain proper authorization before testing.

The creator of this PoC is not responsible for any misuse or damage caused by its usage.

[ Version 0.1 ]

ABOUT THE PROJECT

I had problems in some cases with this exploit. Things like this must happen since it's a dev version. Project intended to increase the scope of the exploit, and not need to open BurpSuite and test by hand every time you find a WordPress WebApp. Improvements are on the way, and I promise I won't leave the dirty code as it is (I think).

UPCOMING FEATURES:
- Scanning functionality to identify exposed systems
- Improved nonce search for various registration patterns
- Customizable admin creation options (like setting parameters that registration requires)

[ By BlackReaperSK ]