CVE-2024-11088: Simple Membership <= 4.5.5 - Exposure of Private Personal Information to an Unauthorized Actor
First published: Thu Nov 21 2024(Updated: )
The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/type
- agent/description
- agent/event