CVE-2024-1279
Severity
4.3MEDIUM
EPSS
0.5%
top 34.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 11
Description
The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4