cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches formembers members

Direction: ascending
Dec 11, 2024

Members – Membership & User Role Editor Plugin # CVE-2024-11008

CVE, Research URL

CVE-2024-11008

Date
Dec 11, 2024
Research Description
The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
Affected versions
max 3.2.11.
Status
vulnerable
Jul 11, 2026

Members – Membership & User Role Editor Plugin # CVE-2026-12426

CVE, Research URL

CVE-2026-12426

Date
Jul 11, 2026
Research Description
The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.22 via the members_filter_protected_posts_for_rest. This makes it possible for unauthenticated attackers to extract determine the existence and exact count of access-restricted posts, and use per-page pagination as a boolean oracle to infer keywords and content contained within those hidden restricted posts.
Affected versions
max 3.2.23.
Status
vulnerable