Sensitive Information Exposure in Paid Membership Subscriptions Plugin for WordPress
CVE-2024-11291
Key Information:
- Vendor: WordPress
- CVE Published: 18 December 2024
What is CVE-2024-11291?
CVE-2024-11291 is a sensitive information exposure vulnerability in the Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress. Unauthenticated attackers can use the WordPress core search feature to expose sensitive information from restricted posts that should only be accessible to users with higher privileges, such as logged-in members. All versions up to and including 2.13.4 are affected, which puts at risk any website that relies on this plugin to manage membership content. Website administrators are strongly advised to update the plugin to the latest version immediately to mitigate potential exploitation.
