← volver
CVE-2024-1279

Paid Memberships Pro < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure

CVSS 4.3 MEDIUMEPSS 0.5%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.3EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 mar 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N