CVE | CVE-2024-2920 |
CVE Title | |
Published Date | 2024-04-26T08:15Z |
Modified Date | 2024-04-26T12:58Z |
Description | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible for unauthenticated attackers to view files uploaded by other users which may contain sensitive information. |
References | |
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites. | |
Reference URL | https://www.wordfence.com/threat-intel/vulnerabilities/id/4319fa2e-8826-4100-9156-cbe80582367e?source=cve |
Reference Description | https://www.wordfence.com/threat-intel/vulnerabilities/id/4319fa2e-8826-4100-9156-cbe80582367e?source=cve |
Reference URL | https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3074215%40wp-members&new=3074215%40wp-members&sfp_email=&sfph_mail= |
Reference Description | https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3074215%40wp-members&new=3074215%40wp-members&sfp_email=&sfph_mail= |
Sources | NIST MITRE |
Note
- No CVSS data for this CVE