PT-2024-38941 · WordPress · S2Member

Wesley · Published 2024-12-17 · Updated 2024-12-17 · CVE-2024-8326

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: s2Member plugin for WordPress versions up to, and including, 241114
Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including user data and database configuration information, via the sc_get_details function. This can lead to reading, updating, or dropping database tables.
Recommendations: For versions up to, and including, 241114, consider disabling the sc_get_details function as a temporary workaround until a full patch is available. Because version 241114 only partially patched the vulnerability, monitor for further updates that fully address the issue. At the moment, there is no information about a newer version that contains a full fix for this vulnerability.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2024-8326

Affected Products: S2Member