Sensitive Information Exposure in Membership Plugin - Restrict Content for WordPress
CVE-2024-11090
7.5HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 26 January 2025
What is CVE-2024-11090?
The Membership Plugin - Restrict Content for WordPress allows unauthenticated attackers to retrieve sensitive data from posts that are meant to be restricted to higher-level user roles, such as administrators. This vulnerability arises from the WordPress core search feature, which improperly exposes restricted content. All versions up to and including 3.2.13 are affected, making it essential for users to update to the latest version to avoid potential data leaks.
Affected Version(s)
Membership Plugin – Restrict Content * <= 3.2.13