CVE-2024-11090: Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
First published: Sun Jan 26 2025(Updated: )
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <=3.2.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/type
- agent/description
- agent/references
- agent/first-publish-date
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/source
- agent/author
- agent/tags
- agent/event