PT-2024-15065 · WordPress · Wp-Members Membership Plugin

Francesco Carlucci · Published 2024-01-04 · Updated 2024-10-28 · CVE-2023-6733

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

WP-Members Membership Plugin versions up to, and including, 3.4.8

Description

The issue allows authenticated attackers with contributor access and above to extract sensitive data, including user emails, password hashes, and usernames, via the wpmem field shortcode. This enables the exposure of sensitive information.

Recommendations

For versions up to, and including, 3.4.8, update to a version later than 3.4.8 to resolve the issue. As a temporary workaround, consider restricting access to the wpmem field shortcode for users with contributor access and above until a patch is available.

Fix

Improper Access Control

Missing Authorization

Weakness Enumeration

Related Identifiers: CVE-2023-6733

Affected Products: Wp-Members Membership Plugin