The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
Metrics
Affected Vendors & Products
References
History
Thu, 21 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mra13
Mra13 simple Membership |
|
Weaknesses | CWE-276 | |
CPEs | cpe:2.3:a:mra13:simple_membership:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mra13
Mra13 simple Membership |
|
Metrics |
ssvc
|
Thu, 21 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | |
Title | Simple Membership <= 4.5.5 - Exposure of Private Personal Information to an Unauthorized Actor | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-11-21T13:55:32.836Z
Updated: 2024-11-21T14:17:07.908Z
Reserved: 2024-11-11T19:32:06.177Z
Link: CVE-2024-11088
Vulnrichment
Updated: 2024-11-21T14:17:01.429Z
NVD
Status : Received
Published: 2024-11-21T14:15:08.250
Modified: 2024-11-21T15:15:21.097
Link: CVE-2024-11088
Redhat
No data.