CVE-2024-1286

CWE-639 — Insecure Direct Object Reference CWE-1286 CWE-20 — Improper Input Validation CWE-601 — Open Redirect CWE-24816 documents7 sources

Severity

4.9MEDIUM

EPSS

0.4%

top 39.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Pmpro-membership-maps Strangerstudios Paid Memberships PRO

Timeline

PublishedJul 30

Latest updateDec 27

Description

The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5unknown/pmpro-membership-maps< 0.7

▶NVDstrangerstudios/paid_memberships_pro< 0.7

🔴Vulnerability Details

GHSA

Eclipse Jetty URI parsing of invalid authority↗2024-10-14

▶

GHSA

Denial of Service in TYPO3 Bookmark Toolbar↗2024-10-08

▶

CVEList

Paid Memberships Pro - Membership Maps Add On < 0.7 - Contributor+ Sensitive Information Disclosure↗2024-07-30

▶

GHSA

GHSA-6r36-crx2-h5cg: The pmpro-membership-maps WordPress plugin before 0↗2024-07-30

▶

GHSA

github.com/google/nftable IP addresses were encoded in the wrong byte order↗2024-07-04

▶

📋Vendor Advisories

Red Hat

kernel: f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.↗2024-12-27

▶

Red Hat

org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority↗2024-10-14

▶

Red Hat

php: Erroneous parsing of multipart form data↗2024-10-07

▶

Red Hat

json-lib: Mishandling of an unbalanced comment string in json-lib↗2024-10-04

▶

Juniper

CVE-2024-39542: An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series↗2024-07-11

▶