CVE-2023-41956 - Vulnerability Details - OpenCVE

Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Simple-membership-plugin	Simple Membership
Smp7 Wpinsider	Simple Membership

Configuration 1 [-]

cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-4-authenticated-account-takeover-vulnerability?_s_id=cve

History

Tue, 25 Mar 2025 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Simple-membership-plugin Simple-membership-plugin simple Membership
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:simple-membership-plugin:simple_membership::::::wordpress::*
Vendors & Products		Simple-membership-plugin Simple-membership-plugin simple Membership

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-05-17T06:55:53.053Z

Updated: 2024-08-02T19:09:49.408Z

Reserved: 2023-09-06T08:46:20.964Z

Link: CVE-2023-41956

Vulnrichment

Updated: 2024-05-20T20:15:37.800Z

NVD

Status : Analyzed

Published: 2024-05-17T07:16:00.337

Modified: 2025-03-25T17:28:47.953

Link: CVE-2023-41956

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41956", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-09-06T08:46:20.964Z", "datePublished": "2024-05-17T06:55:53.053Z", "dateUpdated": "2024-08-02T19:09:49.408Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "simple-membership", "product": "Simple Membership", "vendor": "smp7, wp.insider", "versions": [{"changes": [{"at": "4.3.5", "status": "unaffected"}], "lessThanOrEqual": "4.3.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Rafie Muhammad (Patchstack)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.<p>This issue affects Simple Membership: from n/a through 4.3.4.</p>"}], "value": "Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-05-17T06:55:53.053Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-4-authenticated-account-takeover-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 4.3.5 or a higher version."}], "value": "Update to 4.3.5 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41956", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-20T20:13:27.660051Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:smp7_wpinsider:simple_membership:*:*:*:*:*:*:*:*"], "vendor": "smp7_wpinsider", "product": "simple_membership", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.3.4"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:21:47.308Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:09:49.408Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-4-authenticated-account-takeover-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41956", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-09-06T08:46:20.964Z", "datePublished": "2024-05-17T06:55:53.053Z", "dateUpdated": "2024-06-04T17:21:47.308Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "simple-membership", "product": "Simple Membership", "vendor": "smp7, wp.insider", "versions": [{"changes": [{"at": "4.3.5", "status": "unaffected"}], "lessThanOrEqual": "4.3.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Rafie Muhammad (Patchstack)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.<p>This issue affects Simple Membership: from n/a through 4.3.4.</p>"}], "value": "Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-05-17T06:55:53.053Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-4-authenticated-account-takeover-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 4.3.5 or a higher version."}], "value": "Update to 4.3.5 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41956", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-20T20:13:27.660051Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:smp7_wpinsider:simple_membership:*:*:*:*:*:*:*:*"], "vendor": "smp7_wpinsider", "product": "simple_membership", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.3.4"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-20T20:15:37.800Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EF41836E-78A2-4537-8BC0-F76C9E82EA86", "versionEndExcluding": "4.3.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.3.4."}, {"lang": "es", "value": " Vulnerabilidad de autenticaci\u00f3n incorrecta en smp7, wp.Insider Simple Membership. Este problema afecta a Simple Membership: desde n/a hasta 4.3.4."}], "id": "CVE-2023-41956", "lastModified": "2025-03-25T17:28:47.953", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-17T07:16:00.337", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-4-authenticated-account-takeover-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-4-authenticated-account-takeover-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "audit@patchstack.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}