PT-2024-17768 · WordPress · Pmpro-Membership-Maps

Scott Kingsley Clark · Published 2024-07-30 · Updated 2025-08-29 · CVE-2024-1286

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

pmpro-membership-maps versions prior to 0.7

Description

The issue allows users with at least the contributor role to leak sensitive information about users with a membership on the site. This is due to the lack of proper access control in the pmpro-membership-maps WordPress plugin.

Recommendations

For versions prior to 0.7, update to version 0.7 or later to resolve the issue. As a temporary workaround, consider restricting the contributor role's access to sensitive membership information until the update is applied.

Related Identifiers

CVE-2024-1286

Affected Products

Pmpro-Membership-Maps