Sensitive Information Exposure in Paid Membership Subscriptions Plugin for WordPress
CVE-2024-11291
5.3 MEDIUM
Summary
CVE-2024-11291 is a sensitive information exposure vulnerability in the Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress. Unauthenticated attackers can use the WordPress core search feature to extract sensitive information from restricted posts that should be accessible only to users with higher privileges, such as logged-in members. All versions up to and including 2.13.4 are affected, which puts websites that rely on this plugin to manage membership content at considerable risk. Website administrators are strongly advised to update the plugin to the latest version immediately to mitigate potential exploitation.
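To check an installation against the affected range stated above, the following added example (not part of the advisory or of the plugin's code) reads the standard WordPress plugin header and classifies the installed version. It assumes the plugin's main file declares the plugin name as written in this advisory; the sample header is constructed.

```python
import re
from pathlib import Path

PLUGIN_NAME = "Paid Membership Subscriptions"  # name as written in the advisory
LAST_AFFECTED = (2, 13, 4)                     # "up to and including 2.13.4"
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.M | re.I)

def parse_header(text):
    """Return the 'plugin name' and 'version' fields of a plugin header comment."""
    fields = {}
    for key, value in HEADER_RE.findall(text[:8192]):  # WordPress reads the first 8 KB
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(version):
    """'2.13.4' -> (2, 13, 4); a suffix such as '-beta' is ignored."""
    parts = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple(parts + [0] * (3 - len(parts)))

def status(text):
    """Classify one plugin file: not-target, unknown, affected or not-affected."""
    fields = parse_header(text)
    if PLUGIN_NAME.lower() not in fields.get("plugin name", "").lower():
        return "not-target"
    version = fields.get("version", "")
    if not re.search(r"\d", version):
        return "unknown"  # no usable version string: review manually
    return "affected" if version_tuple(version) <= LAST_AFFECTED else "not-affected"

def scan(plugins_dir):
    """Return (path, status) for each matching file one level below plugins_dir."""
    found = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        result = status(php.read_text(errors="replace"))
        if result != "not-target":
            found.append((str(php), result))
    return found

# Constructed sample header, not copied from the plugin's real file.
SAMPLE = """<?php
/**
 * Plugin Name: Paid Membership Subscriptions - Effortless Memberships
 * Version: 2.13.4
 */
"""

if __name__ == "__main__":
    print(status(SAMPLE))
```

Pass the site's plugins directory to `scan()`; an `unknown` result means the version header was missing or unreadable and the install should be checked by hand.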
References
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Collectors
NVD Database