CVE-2023-2869

Name of the Vulnerable Software and Affected Versions WP-Members Membership plugin for WordPress versions up to, and including, 3.4.7.3

Description The issue arises from a missing capability check on the do field reorder function, allowing authenticated attackers with subscriber-level access to reorder form elements on login forms. This can lead to unauthorized updates of plugin settings.

Recommendations For versions up to, and including, 3.4.7.3, consider disabling the do field reorder function until a patch is available to prevent unauthorized reordering of form elements. Restrict access to the login forms to minimize the risk of exploitation. Update to a version higher than 3.4.7.3 when available.