Simple Membership < 4.5.6 – Exposure of Private Personal Information to an Unauthorized Actor | CVE 2024-11088 | Plugin Vulnerabilities

Description

The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Affects Plugins

simple-membership

Fixed in 4.5.6

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/c1558b08-a33b-4cf2-bacb-c88065f513cc

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Francesco Carlucci

Verified

No

WPVDB ID

5c8e341c-a0ed-4e99-9e02-3857db357886

Timeline

Publicly Published

2024-11-20 (about 1 year ago)

Added

2024-11-21 (about 1 year ago)

Last Updated

2024-11-21 (about 1 year ago)

Other

Published

Title

Published

2024-05-10

Title

Academy LMS < 1.9.26 - Unauthenticated Sensitive Information Exposure

Published

2024-04-24

Title

Essential Addons for Elementor < 5.9.16 - Information Exposure

Published

2026-01-08

Title

NextGEN Download Gallery <= 1.6.2 - Unauthenticated Information Exposure

Published

2023-12-29

Title

Image Source Control < 2.17.1 - Sensitive Information Exposure via Log File

Published

2023-12-28

Title

Affiliates Manager < 2.9.31 - Sensitive Information Exposure via Log File