CVE-2024-1286
published 2024-07-30

Priority: P4 / 24 / medium
CVSS 3.1: 4.9
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.56% (42.7th percentile)

The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site.

Affected

37 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| express | express | >= 0 < 4.19.2 | 4.19.2 |
| express | express | >= 5.0.0-alpha.1 < 5.0.0-beta.3 | 5.0.0-beta.3 |
| github.com | google_nftables | >= 0.1.0 < 0.2.0 | 0.2.0 |
| juniper | ex_series | | |
| juniper | junos_os | | |
| juniper | mx_series | | |
| juniper | qfx_series | | |
| juniper | srx_series | | |
| msrc | azl3_azcopy_10.22.1-1 | | |
| msrc | azl3_azcopy_10.24.0-1 | | |
| msrc | azl3_blobfuse2_2.1.0-4 | | |
| msrc | azl3_blobfuse2_2.3.0-1 | | |
| msrc | azl3_cert-manager_1.11.2-8 | | |
| msrc | azl3_cert-manager_1.12.12-1 | | |
| msrc | azl3_cf-cli_8.7.3-3 | | |
| msrc | azl3_cf-cli_8.7.3-6 | | |
| msrc | azl3_cloud-provider-kubevirt_0.5.1-1 | | |
| msrc | azl3_containerd_1.7.13-5 | | |
| msrc | azl3_containerd_1.7.13-8 | | |
| msrc | azl3_containerized-data-importer_1.57.0-14 | | |
| msrc | azl3_containerized-data-importer_1.57.0-6 | | |
| msrc | azl3_coredns_1.11.1-3 | | |
| msrc | azl3_coredns_1.11.1-4 | | |
| msrc | azl3_cri-tools_1.29.0-1 | | |
| msrc | azl3_cri-tools_1.30.1-1 | | |

CVSS provenance

nvd: v3.1, 4.9 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
vendor_msrc: 7.5 HIGH
vendor_redhat: 5.5 MEDIUM