Vulnerabilities and security researches formembers members
Direction: ascendingDec 11, 2024
Members – Membership & User Role Editor Plugin # CVE-2024-11008
- CVE, Research URL
- Date
- Dec 11, 2024
- Research Description
- The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
- Affected versions
-
max 3.2.11.
- Status
-
vulnerable
Jul 11, 2026
Members – Membership & User Role Editor Plugin # CVE-2026-12426
- CVE, Research URL
- Date
- Jul 11, 2026
- Research Description
- The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.22 via the members_filter_protected_posts_for_rest. This makes it possible for unauthenticated attackers to extract determine the existence and exact count of access-restricted posts, and use per-page pagination as a boolean oracle to infer keywords and content contained within those hidden restricted posts.
- Affected versions
-
max 3.2.23.
- Status
-
vulnerable