6.5
CVE-2024-1287
- EPSS 0.52%
- Published 30.07.2024 06:15:02
- Last modified 22.08.2025 09:15:32
- Source contact@wpscan.com
Paid Memberships Pro - Member Directory Add On < 1.2.6 - Contributor+ Sensitive Information Disclosure via SQLi
Paid Memberships Pro - Member Directory Add On < 1.2.6 - Authenticated (Contributor+) Information Exposure
The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes via an SQLi vector.
Possible mitigation
Paid Memberships Pro - Member Directory Add On: Update to version 1.2.6, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Strangerstudios ≫ Paid Memberships Pro, SwPlatform: wordpress, Version: < 1.2.6
VulnDex Vulnerability Enrichment
Further vulnerability information
System: WordPress Plugin
Product: Paid Memberships Pro - Member Directory Add On
Version: [*, 1.2.6)
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.401 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
CWE-202 Exposure of Sensitive Information Through Data Queries
When trying to keep information confidential, an attacker can often infer some of the information by using statistics.
https://wpscan.com/vulnerability/169e5756-4e12-4add-82e9-47471c30f08c/
https://www.wordfence.com/threat-intel/vulnerabilities/id/24142874-95f9-448d-8cf2-14a65fc946ab