CVE-2024-11299: Memberpress <= 1.11.37 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
First published: Tue Apr 22 2025(Updated: )
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MemberPress | <=1.11.37 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-11299?
CVE-2024-11299 has been classified as a high-severity vulnerability due to its potential for sensitive data exposure.
How do I fix CVE-2024-11299?
To fix CVE-2024-11299, upgrade the Memberpress plugin to version 1.12.0 or later.
What types of sensitive information are affected by CVE-2024-11299?
CVE-2024-11299 can lead to the exposure of sensitive data from posts that have restricted access.
Who is affected by CVE-2024-11299?
All users of the Memberpress plugin for WordPress up to version 1.11.37 are vulnerable to CVE-2024-11299.
Can unauthenticated attackers exploit CVE-2024-11299?
Yes, unauthenticated attackers can exploit CVE-2024-11299 to extract sensitive information.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/type
- agent/references
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/source
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/event
- vendor/memberpress
- canonical/memberpress