Assigner | WPScan |
Reserved | 2024-02-06 |
Published | 2024-03-11 |
Updated | 2024-06-11 |
Description
The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.
Problem types
CWE-284 Improper Access Control
Product status
Any version before 2.12.9
Credits
Scott Kingsley Clark
WPScan
References
https://wpscan.com/vulnerability/4c537264-0c23-428e-9a11-7a9e74fb6b69/