First published: Wed Dec 18 2024
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cozmoslabs Membership & Content Restriction - Paid Member Subscriptions WordPress | <2.13.5 | |
Paid Membership Subscriptions | <=2.13.4 | |
CVE-2024-11291 has a high severity level due to sensitive information exposure.
To fix CVE-2024-11291, update the Paid Membership Subscriptions plugin to version 2.13.5 or later.
CVE-2024-11291 affects all versions of the Paid Membership Subscriptions plugin up to and including version 2.13.4.
CVE-2024-11291 can lead to the exposure of sensitive information through the WordPress core search feature.
Yes, if your website is using an affected version of the Paid Membership Subscriptions plugin, it is at risk of sensitive information exposure.