CVE-2023-3460

✓ Confirmed 0-Day

Triaged: March 20, 2026 3 articles

VulnLookup ↗ NVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-24

92.81%

probability

This CVE has a 92.81% probability of being exploited in the next 30 days.

0% Top 99.8th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Exploits & PoC

gbrsh/CVE-2023-3460

Exploit for CVE-2023-3460. Unauthorized admin access for Ultimate Member plugin < v2.6.7

diego-tella/CVE-2023-3460

Exploit and scanner for CVE-2023-3460

GURJOTEXPERT/CVE-2023-3460

PoC CVE-2023-3460 — GURJOTEXPERT/CVE-2023-3460

Rajneeshkarya/CVE-2023-3460

Exploit for the vulnerability of Ultimate Member Plugin.

TranKuBao/CVE-2023-3460_FIX

Cái này dựng lên với mục đích cho ae tham khảo, chê thì đừng có xem. :))))

rizqimaulanaa/CVE-2023-3460

PoC CVE-2023-3460 — rizqimaulanaa/CVE-2023-3460

yon3zu/Mass-CVE-2023-3460

Mass CVE-2023-3460.

DiMarcoSK/CVE-2023-3460_POC

GitHub repository for CVE-2023-3460 POC

8 repos — triés par ⭐ Rechercher sur GitHub ↗

Hackers exploit zero-day in Ultimate Member WordPress plugin with 200K installs

BleepingComputer Jun 30, 2023

WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites

TheHackerNews

Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts

TheHackerNews

Signal Intelligence

Confidenceⓘ

85%

EPSS 92.81%

Mentions 3

Last Seen Jun 30, 2023

CNA Information

Analyst Note

CVE-2023-3460 in Ultimate Member WordPress plugin explicitly documented as zero-day exploitation in the wild (BleepingComputer headline confirms 'Hackers exploit zero-day'). TheHackerNews reports active attacks creating secret admin accounts on unpatched systems. Title explicitly names this CVE as the exploited zero-day, not just a routine patch in a batch.

Triage Info

Decided atMar 20, 2026