PT-2024-22802 · WordPress · Wp-Members Membership Plugin

Tim Coen · Published 2024-04-26 · Updated 2024-04-26 · CVE-2024-2920

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: WP-Members Membership Plugin versions up to, and including, 3.4.9.3

Description: The issue allows unauthenticated attackers to view files uploaded by other users, which may contain sensitive information, due to the plugin uploading user-supplied files to a publicly accessible directory in wp-content without any restrictions.

Recommendations: For versions up to, and including, 3.4.9.3, update to a version that fixes this issue to prevent information exposure. As a temporary workaround, consider restricting access to the wp-content directory to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2024-2920

Affected Products: Wp-Members Membership Plugin