Tracked as CVE-2023-3460 (CVSS score of 9.8), the recently identified security defect in Ultimate Member plugin allows attackers to add a new user account to the administrators group.