cleantalk
Vulnerabilities and Security Researches

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction, CVE-2024-11291

CVE, Research URL

CVE-2024-11291

Home page URL

Security reports for Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Application

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Published on
Dec 18, 2024
Research Description
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
Affected versions
Min -, max 2.13.5.
Status
vulnerable
Previous vulnerability researches
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2024-11291) , Dec 19, 2024
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2024-12919) , Jan 15, 2025
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2025-31088) , Apr 02, 2025
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2021-24728) , Jun 07, 2024
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2024-32728) , Jun 07, 2024
New vulnerability
WP Statistics , May 27, 2025
Hostinger , May 27, 2025
BackWPup – WordPress Backup Plugin , May 27, 2025
Quick Contact Form (CVE-2025-48245) , May 27, 2025
Affiliate Sales in Google Analytics and other tools (CVE-2024-12561) , May 27, 2025