cbcvebase.
CVE-2024-1287
published 2024-07-30

CVE-2024-1287: The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive…

Priority: P3 · 36 · medium · 6.5 CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.52% (40.3th percentile)
The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes via an SQLi vector.

Affected

11 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| github.com | mattermost_mattermost_server_v8 | >= 10.0.0 < 10.0.3 | 10.0.3 |
| github.com | mattermost_mattermost_server_v8 | >= 10.1.0 < 10.1.3 | 10.1.3 |
| github.com | mattermost_mattermost_server_v8 | >= 9.11.0 < 9.11.5 | 9.11.5 |
| github.com | mattermost_mattermost_server_v8 | >= 9.5.0 < 9.5.13 | 9.5.13 |
| juniper | junos_os | | |
| juniper | srx_series | | |
| moodle | moodle | >= 0 < 4.1.12 | 4.1.12 |
| moodle | moodle | >= 4.2.0-beta < 4.2.9 | 4.2.9 |
| moodle | moodle | >= 4.3.0-beta < 4.3.6 | 4.3.6 |
| moodle | moodle | >= 4.4.0-beta < 4.4.2 | 4.4.2 |
| strangerstudios | paid_memberships_pro | < 1.2.6 | 1.2.6 |

CVSS provenance

nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cisa | 9.3 | CRITICAL
vendor_cisco | 8.6 | HIGH
vendor_redhat | 8.6 | HIGH