CVE Vulnerabilities

CVE-2024-1287

Exposure of Sensitive Information Through Data Queries

Published: Jul 30, 2024 | Modified: Jul 10, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users sensitive information, including password hashes.

Weakness

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

Affected Software

Name Vendor Start Version End Version
Paid_memberships_pro Strangerstudios * 1.2.6 (excluding)

Potential Mitigations

References