3 matches found
CVE-2024-0972
CVE-2024-0972 affects BuddyPress Members Only for WordPress (all versions
CVE-2024-0972 BuddyPress Members Only <= 3.4.8 - Improper Access Control to Sensitive Information Exposure via REST API
The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.9 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest"...
WordPress BuddyPress Members Only Plugin <= 3.3.5 is vulnerable to Sensitive Data Exposure
Software BuddyPress Members Only Type Plugin Vulnerable versions = 3.3.5 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-0972 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 96dc46493939 Credits Francesco Carlucci...