cleantalk
Vulnerabilities and Security Researches

WP-Members Membership Plugin, CVE-2024-2920

CVE, Research URL

CVE-2024-2920

Home page URL

Security reports for WP-Members Membership Plugin

Application

WP-Members Membership Plugin

Published on
Apr 26, 2024
Research Description
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible for unauthenticated attackers to view files uploaded by other users which may contain sensitive information.
Affected versions
Min -, max 3.4.9.4.
Status
vulnerable
Previous vulnerability researches
TAKETIN To WP Membership (CVE-2024-49226) , Oct 18, 2024
WP-Members Membership Plugin (CVE-2024-9231) , Oct 23, 2024
WP-Members Membership Plugin (CVE-2019-15660) , Jun 07, 2024
WP-Members Membership Plugin (CVE-2017-2222) , Jun 07, 2024
WP-Members Membership Plugin (CVE-2023-2869) , Jun 07, 2024
New vulnerability
Wise Chat (CVE-2024-13613) , May 18, 2025
WP Booking Calendar (CVE-2025-4669) , May 18, 2025
WooCommerce POS (CVE-2025-48117) , May 18, 2025
BERTHA AI. Your AI co-pilot for WordPress and Chrome (CVE-2025-48138) , May 18, 2025
SEO Flow by LupsOnline (CVE-2025-48146) , May 18, 2025