CVE-2023-2545

Name of the Vulnerable Software and Affected Versions Feather Login Page plugin for WordPress versions 1.0.7 through 1.1.1

Description The issue allows authenticated attackers with subscriber-level permissions and above to access login links, potentially leading to privilege escalation, due to a missing capability check on the getListOfUsers function.

Recommendations For Feather Login Page plugin for WordPress versions 1.0.7 through 1.1.1, consider disabling the getListOfUsers function until a patch is available to prevent unauthorized access. Restrict access to the login links to minimize the risk of exploitation.