Sensitive Information Exposure in Membership & User Role Editor Plugin for WordPress
CVE-2026-12426
5.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 11 July 2026
What is CVE-2026-12426?
The Members β Membership & User Role Editor Plugin for WordPress contains a vulnerability that allows unauthenticated attackers to access sensitive information. This flaw, present in all versions up to and including 3.2.22, pertains to the 'members_filter_protected_posts_for_rest' functionality. Attackers can leverage this vulnerability to ascertain the presence and count of access-restricted posts. Furthermore, by utilizing per-page pagination, they can infer keywords and content within those hidden posts, potentially compromising the security and privacy of the information intended to be protected.
Affected Version(s)
Members β Membership & User Role Editor Plugin 0 <= 3.2.22