CVE-2024-0969
First published: Mon Feb 05 2024(Updated: )
The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Repute Infosystems ARMember | <=4.0.24 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-0969?
CVE-2024-0969 is considered a high severity vulnerability due to its potential for exposing sensitive information.
How do I fix CVE-2024-0969?
To fix CVE-2024-0969, upgrade the ARMember plugin to version 1.0.22 or later.
What types of information can be exposed by CVE-2024-0969?
CVE-2024-0969 allows unauthenticated users to access content that should be restricted, potentially exposing sensitive post content.
Who is affected by CVE-2024-0969?
All users of the ARMember plugin for WordPress versions up to and including 1.0.21 are affected by CVE-2024-0969.
What feature of ARMember is compromised in CVE-2024-0969?
CVE-2024-0969 compromises the 'Default Restriction' feature of ARMember, allowing attackers to bypass restrictions.
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- agent/event
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/reputeinfosystems
- canonical/repute infosystems armember
- version/repute infosystems armember/4.0.24