cleantalk
Vulnerabilities and Security Researches

Memberful WP, CVE-2024-11294

CVE, Research URL

CVE-2024-11294

Home page URL

Security reports for Memberful WP

Application

Memberful WP

Published on
Dec 17, 2024
Research Description
The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members.
Affected versions
max 1.74.0.
Status
vulnerable
Previous vulnerability researches
Memberful WP (CVE-2024-9242) , Oct 05, 2024
Memberful WP (CVE-2024-11294) , Dec 18, 2024
Memberful WP (CVE-2025-58000) , Apr 25, 2026
New vulnerability
PlayerJS (CVE-2025-58651) , Apr 25, 2026
PilotPress (CVE-2025-58238) , Apr 25, 2026
Real Estate Manager – Property Listing and Agent Management (CVE-2025-58253) , Apr 25, 2026
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution (CVE-2025-58702) , Apr 25, 2026
Webdesignby Recaptcha (CVE-2026-4512) , Apr 25, 2026