PT-2024-15903 · WordPress · S2Member
Francesco Carlucci
·
Published
2024-04-09
·
Updated
2024-04-10
·
CVE-2024-0899
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
s2Member plugin for WordPress versions prior to 230816
Description
The issue allows unauthenticated attackers to expose information via the API, making it possible to see the contents of posts and pages.
Recommendations
For versions prior to 230816, update to version 230816 or later to resolve the issue.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
S2Member