3 matches found
CVE-2024-2920
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible for...
CVE-2024-2920 WP-Members Membership Plugin <= 3.4.9.3 - Unprotected Storage of Potentially Sensitive Files
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible for...
WordPress WP-Members Plugin <= 3.4.9.3 is vulnerable to Sensitive Data Exposure
Software WP-Members Type Plugin Vulnerable versions = 3.4.9.3 Fixed in 3.4.9.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2920 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7f772dce8825 Credits Tim Coen Required privilege...