CVE-2024-1279

Summary

The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.

Affected Software

VendorProductVersion RangeStatus
UnknownPaid Memberships Pro0 < 2.12.9affected

Weaknesses

  • CWE-284 Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References