CVE-2024-11294

Summary

CVE-2024-11294 is a vulnerability affecting the Memberful plugin for WordPress. In versions up to 1.73.9, this issue allows unauthenticated attackers to access sensitive information from restricted posts using the WordPress core search feature. By exploiting this Sensitive Information Exposure vulnerability, attackers can gain access to data intended for higher-level roles, such as site members, without proper authorization. This poses a significant security risk, as sensitive information can be exposed and potentially used for malicious purposes. WordPress users are advised to update the Memberful plugin to the latest version to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.