/CVE-2023-3460

Exploit and scanner for CVE-2023-3460

Primary LanguagePython

CVE-2023-3460

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This script perform an exploit for this vulnerability and scan different targets, looking for this vulnerability.

Install

git clone https://github.com/diego-tella/CVE-2023-3460/
cd CVE-2023-3460/
python exploit.py

Usage

python exploit.py -t http://target.com/wordpress #basic usage
python exploit.py -c -l list.txt #scan a list of targets

Disclaimer

This program is for Educational purpose ONLY. Do not use it without permission. The author or any Internet provider bears NO responsibility for content or misuse of this program or any derivatives thereof.