WP-Members Membership Plugin < 3.4.9 – Contributor+ Sensitive Information Exposure | CVE 2023-6733

Affects Plugins

wp-members

Fixed in 3.4.9

References

CVE

CVE-2023-6733

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/46c61f38-553e-43b2-a666-b160db40e66d

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

CVSS

4.9 (medium)

Miscellaneous

Original Researcher

Francesco Carlucci

Verified

No

WPVDB ID

27606ebc-ff92-49dc-aaa4-061ba162e93b

Timeline

Publicly Published

2024-01-03 (about 2 years ago)

Added

2024-01-03 (about 2 years ago)

Last Updated

2024-01-03 (about 2 years ago)

Other

Published

Title

Published

2024-02-16

Title

My Private Site < 3.1.0 - Improper Access Control to Sensitive Information Exposure via REST API

Published

2021-05-08

Title

ThemeHigh WooCommerce Wishlist and Comparison < 1.0.5 - Unauthorised AJAX call

Published

2024-12-19

Title

Maintenance & Coming Soon Redirect Animation < 2.3.0 - Missing Authorization to Settings Update

Published

2024-08-31

Title

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder < 5.1.19 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification

Published

2021-08-18

Title

Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls