WordPress ProfilePress Plugin <= 4.13.2 is vulnerable to Sensitive Data Exposure
CVE-2023-44150
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 30 November 2023
Summary
The ProfilePress Membership Plugin, which includes features for ecommerce, registration forms, login forms, user profiles, and content restriction, is susceptible to a vulnerability that allows unauthorized actors to gain access to sensitive information. This exposure can occur through debug log files, allowing attackers to retrieve critical personal data from users. The issue is present in versions up to 4.13.2, and it poses substantial risks for any site utilizing this plugin, making it essential for website administrators to ensure they implement necessary security measures and updates.
Affected Version(s)
Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.13.2
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved