The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-01-04T03:30:12.554Z
Updated: 2024-01-04T03:30:12.554Z
Reserved: 2023-12-12T15:18:41.225Z
Link: CVE-2023-6733
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-04T04:15:09.550
Modified: 2024-01-10T16:53:12.160
Link: CVE-2023-6733
JSON object: View
Redhat Information
No data.
CWE