Paid Memberships Pro – Membership Maps Add On < 0.7 – Contributor+ Sensitive Information Disclosure | CVE 2024-1286 | Plugin Vulnerabilities

Description

The plugin does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site.

Proof of Concept

1. ADMIN: Install Paid Memberships Pro
2. ADMIN: Install Paid Memberships Pro Membership Maps Add On
3. CONTRIBUTOR: Add shortcode to any post and save
4. CONTRIBUTOR: Preview the post and see list of all members for a site and see it lists sensitive user information including user level etc
5. ANYONE: If the post/page ends up being published with the shortcode, anyone without authentication can see the exposed details

Example shortcode: `[pmpro_membership_maps fields="Login,user_login;User ID,ID;User level,wp_user_level"]`

Affects Plugins

pmpro-membership-maps

Fixed in 0.7

References

CVE

Classification

Type

IDOR

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Scott Kingsley Clark

Submitter

Scott Kingsley Clark

Submitter website

https://skc.dev

Submitter twitter

Verified

Yes

WPVDB ID

49dc9ca3-d0ef-4a75-8b51-307e3e44e91b

Timeline

Publicly Published

2024-07-09 (about 1 year ago)

Added

2024-07-09 (about 1 year ago)

Last Updated

2025-08-22 (about 4 months ago)

Other

Published

Title

Published

2024-02-05

Title

CP Polls < 1.0.72 - Unauthenticated Poll Limit Bypass

Published

2025-03-07

Title

FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel < 2.4.30 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates

Published

2025-05-06

Title

WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation

Published

2021-09-22

Title

WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise

Published

2024-04-25

Title

Crelly Slider < 1.4.6 - Subscriber+ Insecure Direct Object Reference