The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 17 Dec 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members. | |
Title | Memberful <= 1.73.9 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-17T08:22:46.366Z
Updated: 2024-12-17T14:37:53.936Z
Reserved: 2024-11-15T23:28:57.445Z
Link: CVE-2024-11294
Vulnrichment
Updated: 2024-12-17T14:37:48.691Z
NVD
Status : Received
Published: 2024-12-17T09:15:05.193
Modified: 2024-12-17T09:15:05.193
Link: CVE-2024-11294
Redhat
No data.