CVE-2023-2869 - Vulnerability Details - OpenCVE

The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Butlerblog	Wp-members

Configuration 1 [-]

cpe:2.3:a:butlerblog:wp-members:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php?rev=2895180#L799
https://plugins.trac.wordpress.org/changeset/2920897/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=cve

History

Mon, 28 Oct 2024 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Butlerblog Butlerblog wp-members
CPEs	cpe:2.3:a:wp-members_project:wp-members::::::wordpress::*	cpe:2.3:a:butlerblog:wp-members::::::wordpress::*
Vendors & Products	Wp-members Project Wp-members Project wp-members	Butlerblog Butlerblog wp-members

Wed, 23 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-07-12T04:38:48.717Z

Updated: 2024-10-23T14:48:54.890Z

Reserved: 2023-05-24T16:34:43.226Z

Link: CVE-2023-2869

Vulnrichment

Updated: 2024-08-02T06:33:05.807Z

NVD

Status : Modified

Published: 2023-07-12T05:15:09.263

Modified: 2024-11-21T07:59:27.530

Link: CVE-2023-2869

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2869", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-05-24T16:34:43.226Z", "datePublished": "2023-07-12T04:38:48.717Z", "dateUpdated": "2024-10-23T14:48:54.890Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-07-12T04:38:48.717Z"}, "affected": [{"vendor": "cbutlerjr", "product": "WP-Members Membership Plugin", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "3.4.7.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php?rev=2895180#L799"}, {"url": "https://plugins.trac.wordpress.org/changeset/2920897/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Marco Wotschka"}], "timeline": [{"time": "2023-05-24T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2023-06-08T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:05.807Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php?rev=2895180#L799", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2920897/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T14:44:42.769756Z", "id": "CVE-2023-2869", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:48:54.890Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php?rev=2895180#L799", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/2920897/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:05.807Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2869", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-23T14:44:42.769756Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:48:48.035Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Marco Wotschka"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "cbutlerjr", "product": "WP-Members Membership Plugin", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.4.7.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-05-24T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2023-06-08T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php?rev=2895180#L799"}, {"url": "https://plugins.trac.wordpress.org/changeset/2920897/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php"}], "descriptions": [{"lang": "en", "value": "The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-07-12T04:38:48.717Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2869", "state": "PUBLISHED", "dateUpdated": "2024-10-23T14:48:54.890Z", "dateReserved": "2023-05-24T16:34:43.226Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2023-07-12T04:38:48.717Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:butlerblog:wp-members:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "DF060178-42D3-4E0E-A73F-A2EF99BC3FF8", "versionEndExcluding": "3.4.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms."}], "id": "CVE-2023-2869", "lastModified": "2024-11-21T07:59:27.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2023-07-12T05:15:09.263", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php?rev=2895180#L799"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/2920897/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php?rev=2895180#L799"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/2920897/wp-members/trunk/includes/admin/tabs/class-wp-members-admin-tab-fields.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified"}