CVE-2023-6733 MEDIUM

CVE-2023-6733: WP-Members Membership Plugin <= 3.4.8 - Missing Authorization to Sensitive Information Exposure

Vendor Cbutlerjr

Product WP-Members Membership Plugin

Weakness CWE-284

Published January 4, 2024

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.

Key dates

02Disclosure timeline

January 4, 2024 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6733 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

CVE-2023-6733: WP-Members Membership Plugin <= 3.4.8 - Missing Authorization to Sensitive Information Exposure

01Description

02Disclosure timeline

03References

04Related CVE