First published: Fri Apr 26 2024(Updated: )
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible for unauthenticated attackers to view files uploaded by other users which may contain sensitive information.
Credit: security@wordfence.com
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.