The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users sensitive information, including password hashes.
When trying to keep information confidential, an attacker can often infer some of the information by using statistics.