cleantalk
Vulnerabilities and Security Researches

WP-Members Membership Plugin, CVE-2023-2869

CVE, Research URL

CVE-2023-2869

Home page URL

Security reports for WP-Members Membership Plugin

Application

WP-Members Membership Plugin

Published on
Jul 12, 2023
Research Description
The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms.
Affected versions
Min -, max 2.8.10.
Status
vulnerable
Previous vulnerability researches
TAKETIN To WP Membership (CVE-2024-49226) , Oct 18, 2024
WP-Members Membership Plugin (CVE-2024-9231) , Oct 23, 2024
WP-Members Membership Plugin (CVE-2019-15660) , Jun 07, 2024
WP-Members Membership Plugin (CVE-2017-2222) , Jun 07, 2024
WP-Members Membership Plugin (CVE-2023-2869) , Jun 07, 2024
New vulnerability
IS-theme-companion (CVE-2025-53277) , Jul 04, 2025
Lead Form Data Collection to CRM (CVE-2025-5692) , Jul 04, 2025
Drive Folder Embedder (CVE-2025-6546) , Jul 04, 2025
WP Roadmap – Product Feedback Board (CVE-2025-52822) , Jul 04, 2025
WP Wall (CVE-2025-28968) , Jul 04, 2025