CVE-2023-6733

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-6733
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3015224%40wp-members%2Ftrunk&old=2920897%40wp-members%2Ftrunk&sfp_email=&sfph_mail= Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/46c61f38-553e-43b2-a666-b160db40e66d?source=cve Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3015224%40wp-members%2Ftrunk&old=2920897%40wp-members%2Ftrunk&sfp_email=&sfph_mail= Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/46c61f38-553e-43b2-a666-b160db40e66d?source=cve Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:butlerblog:wp-members:*:*:*:*:*:wordpress:*:*
History

21 Nov 2024, 08:44

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3015224%40wp-members%2Ftrunk&old=2920897%40wp-members%2Ftrunk&sfp_email=&sfph_mail= - Patch () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3015224%40wp-members%2Ftrunk&old=2920897%40wp-members%2Ftrunk&sfp_email=&sfph_mail= - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/46c61f38-553e-43b2-a666-b160db40e66d?source=cve - Third Party Advisory () https://www.wordfence.com/threat-intel/vulnerabilities/id/46c61f38-553e-43b2-a666-b160db40e66d?source=cve - Third Party Advisory

28 Oct 2024, 11:41

Type Values Removed Values Added
First Time Butlerblog wp-members
Butlerblog
CPE cpe:2.3:a:wp-members_project:wp-members:*:*:*:*:*:wordpress:*:* cpe:2.3:a:butlerblog:wp-members:*:*:*:*:*:wordpress:*:*

10 Jan 2024, 16:53

Type Values Removed Values Added
CWE CWE-862
Summary (es) WP-Members Membership Plugin plugin for WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 3.4.8 inclusive a través del código corto wpmem_field. Esto hace posible que atacantes autenticados, con acceso de colaborador y superior, extraigan datos confidenciales, incluidos correos electrónicos de usuarios, hashes de contraseñas, nombres de usuarios y más. (es) El complemento WP-Members Membership Plugin para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 3.4.8 incluida a través del código corto wpmem_field. Esto hace posible que atacantes autenticados, con acceso de colaborador y superior, extraigan datos confidenciales, incluidos correos electrónicos de usuarios, hashes de contraseñas, nombres de usuarios y más.
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3015224%40wp-members%2Ftrunk&old=2920897%40wp-members%2Ftrunk&sfp_email=&sfph_mail= - () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3015224%40wp-members%2Ftrunk&old=2920897%40wp-members%2Ftrunk&sfp_email=&sfph_mail= - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/46c61f38-553e-43b2-a666-b160db40e66d?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/46c61f38-553e-43b2-a666-b160db40e66d?source=cve - Third Party Advisory
CPE cpe:2.3:a:wp-members_project:wp-members:*:*:*:*:*:wordpress:*:*
First Time Wp-members Project wp-members
Wp-members Project

04 Jan 2024, 14:58

Type Values Removed Values Added
Summary
  • (es) WP-Members Membership Plugin plugin for WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 3.4.8 inclusive a través del código corto wpmem_field. Esto hace posible que atacantes autenticados, con acceso de colaborador y superior, extraigan datos confidenciales, incluidos correos electrónicos de usuarios, hashes de contraseñas, nombres de usuarios y más.

04 Jan 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-04 04:15

Updated : 2024-11-21 08:44

NVD link : CVE-2023-6733

Mitre link : CVE-2023-6733

CVE.ORG link : CVE-2023-6733

JSON object : View

Products Affected

butlerblog

  • wp-members
CWE
CWE-862

Missing Authorization