cleantalk
Vulnerabilities and Security Researches

BuddyPress Members Only, CVE-2024-0972

CVE, Research URL

CVE-2024-0972

Home page URL

Security reports for BuddyPress Members Only

Application

BuddyPress Members Only

Published on
Jun 06, 2024
Research Description
The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest" feature (when unset) and view restricted page and post content.
Affected versions
max 4.4.9.
Status
vulnerable
Previous vulnerability researches
BuddyPress Members Only (CVE-2024-0972) , Jun 07, 2024
BuddyPress Members Only (CVE-2025-31812) , Apr 03, 2025
New vulnerability
Security & Malware scan by CleanTalk , Apr 03, 2026
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026