The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-01-04T03:30:12.554Z
Updated: 2024-08-02T08:35:14.905Z
Reserved: 2023-12-12T15:18:41.225Z
Link: CVE-2023-6733
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-01-04T04:15:09.550
Modified: 2024-01-10T16:53:12.160
Link: CVE-2023-6733
Redhat
No data.