WordPress Plugin Vulnerabilities

Restrict User Access – Ultimate Membership & Content Protection < 2.6 - Information Exposure

Description

The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API.

Affects Plugins

Plugin icon
restrict-user-access
Fixed in 2.6

References

CVE
CVE-2024-0687
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/f67684cd-3e0f-48bb-967a-16ea2b027843

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Francesco Carlucci
Verified
No
WPVDB ID
64bf9544-e772-4feb-91ad-60239d691221

Timeline

Publicly Published
2024-02-26 (about 2 years ago)
Added
2024-02-26 (about 2 years ago)
Last Updated
2024-02-26 (about 2 years ago)

Other

Published
Title
Published
2020-11-06
Title
WooCommerce Blocks < 3.7.1 - Guest Account Creation
Published
2025-03-06
Title
VK Blocks < 1.95.0.3 - Missing Authorization to Sensitive Information Exposure
Published
2022-12-28
Title
Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF
Published
2021-03-23
Title
SecuPress < 2.0 - Unauthenticated Arbitrary IP Ban
Published
2024-02-26
Title
Duitku Payment Gateway < 2.11.7 - Missing Authorization via check_duitku_response