4 matches found
CVE-2023-2869
The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the dofieldreorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorde...
CVE-2023-2869
creationtimestamp| type| source ---|---|--- 2025-04-04 12:03:52+00:00| seen| https://bsky.app/profile/thewhynet.bsky.social/post/3llyer2dsli2p...
CVE-2023-2869
CVE-2023-2869 concerns the WordPress WP-Members Membership plugin. The vulnerability arises from a missing capability check in the do_field_reorder function, allowing authenticated users with subscriber-level access to reorder form elements on login forms and thereby perform unauthorized updates ...
WordPress Members Plugin <= 3.4.7.3 is vulnerable to Broken Access Control
Software Members Type Plugin Vulnerable versions = 3.4.7.3 Fixed in 3.4.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2869 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 561a12f2621a Credits Marco Wotschka Required...