CVE Details
Basic Information
| Title | Paid Memberships Pro – Member Directory Add On < 1.2.6 - Contributor+ Sensitive Information Disclosure and SQLi |
|---|---|
| Type | cve |
| Published | 2024-07-30T06:00:06.053Z |
| Modified | 2024-08-01T18:33:25.572Z |
Product Information
| Vendor | Unknown |
|---|---|
| Product | pmpro-member-directory |
| Version | 0 |
CVSS Information
| Base Score | 0.0 () |
|---|
AI Analysis
| AI Description | The pmpro-member-directory WordPress plugin before version 1.2.6 allows users with contributor roles or higher to access sensitive information, including password hashes, due to insufficient access controls. This vulnerability could lead to unauthorized data disclosure and potential SQL injection attacks. |
|---|---|
| AI Severity | High |
| AI Vendor | WordPress Community |
| AI Product | pmpro-member-directory |
| AI Version | < 1.2.6 |
Affected Products
- Unknown pmpro-member-directory 0
Additional Information
| CWE List | |
|---|---|
| Source | WPScan |
Description
The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users’ sensitive information, including password hashes.