s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions < 240315 – Information Exposure | CVE 2024-0899 | Plugin Vulnerabilities

Description

The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers to see the contents of those posts and pages.

Affects Plugins

Fixed in 240315

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/80bfb470-a3df-497f-940d-051ccaa6215b

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Francesco Carlucci

Verified

No

WPVDB ID

d54607ef-3855-4e62-9436-bd7f39d3c472

Timeline

Publicly Published

2024-03-18 (about 2 years ago)

Added

2024-03-18 (about 2 years ago)

Last Updated

2024-03-18 (about 2 years ago)

Other

Published

Title

Published

2021-04-20

Title

Redirection for Contact Form 7 < 2.3.4 - Unprotected AJAX Actions

Published

2021-10-05

Title

Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts

Published

2021-01-22

Title

Doneren met Mollie < 2.8.5 - Unauthorised CSV Export leading to Sensitive Data Disclosure

Published

2021-10-26

Title

Bulk Datetime Change < 1.12 - Missing Authorisation

Published

2021-05-26

Title

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation