Vulnerabilities > CVE-2024-11090 - Unspecified vulnerability in Stellarwp Membership Plugin - Restrict Content

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

stellarwp

NVD

Published: 2025-01-26

Updated: 2025-02-04

Summary

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Vulnerable Configurations

Part	Description	Count
Application	Stellarwp Stellarwp Membership Plugin Restrict Content *	1

References

https://plugins.trac.wordpress.org/changeset/3227065/restrict-content
https://www.wordfence.com/threat-intel/vulnerabilities/id/7615c391-ccb1-4990-bbfd-949782cc609a?source=cve