Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:48 a.m.9 views

CVE-2023-2869

The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the dofieldreorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorde...

4.3CVSS6.4AI score0.00503EPSS
Exploits0References1
Circl
Circl
added 2025/04/04 12:3 p.m.10 views

CVE-2023-2869

creationtimestamp| type| source ---|---|--- 2025-04-04 12:03:52+00:00| seen| https://bsky.app/profile/thewhynet.bsky.social/post/3llyer2dsli2p...

4.3CVSS6.9AI score0.00503EPSS
Exploits0References1
CVE
CVE
added 2023/07/12 4:38 a.m.47 views

CVE-2023-2869

CVE-2023-2869 concerns the WordPress WP-Members Membership plugin. The vulnerability arises from a missing capability check in the do_field_reorder function, allowing authenticated users with subscriber-level access to reorder form elements on login forms and thereby perform unauthorized updates ...

4.3CVSS4.6AI score0.00503EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/06/12 12:0 a.m.13 views

WordPress Members Plugin <= 3.4.7.3 is vulnerable to Broken Access Control

Software Members Type Plugin Vulnerable versions = 3.4.7.3 Fixed in 3.4.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2869 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 561a12f2621a Credits Marco Wotschka Required...

4.3CVSS6.4AI score0.00503EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder