CVE-2024-0972

🗓️ 06 Jun 2024 04:10:15Reported by WordfenceType

BuddyPress plugin vulnerability to sensitive information exposure via REST API

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
Patchstack	WordPress BuddyPress Members Only Plugin <= 3.3.5 is vulnerable to Sensitive Data Exposure	6 Jun 202400:00	–	patchstack
Cvelist	CVE-2024-0972 BuddyPress Members Only <= 3.3.5 - Improper Access Control to Sensitive Information Exposure via REST API	6 Jun 202403:53	–	cvelist
Vulnrichment	CVE-2024-0972 BuddyPress Members Only <= 3.3.5 - Improper Access Control to Sensitive Information Exposure via REST API	6 Jun 202403:53	–	vulnrichment
WPVulnDB	BuddyPress Members Only <= 3.3.5 - Improper Access Control to Sensitive Information Exposure via REST API	5 Jun 202400:00	–	wpvulndb
NVD	CVE-2024-0972	6 Jun 202404:15	–	nvd
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)	13 Jun 202415:35	–	wordfence

Nvd

Vulners

Vulnrichment

Node

membersonly buddypress_members_onlyRange≤3.3.5wordpress

[
  {
    "vendor": "zhuyi",
    "product": "BuddyPress Members Only",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "3.3.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/buddypress-members-only/trunk/buddypress-members-only.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/dcfead67-d75d-46ae-ac68-a34643ac2f52

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo