Membership Plugin Restrict Content Sensitive Information Exposure Vulnerability
Vulnerability
A sensitive information exposure vulnerability has been identified in the Membership Plugin – Restrict Content for WordPress, affecting all versions through 3.2.13. The vulnerability arises from improper handling of content restrictions, which allows unauthenticated users to access sensitive data in posts restricted to higher-level roles, such as administrators. The issue can be exploited through the WordPress core search feature.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive information, such as personal data or private communications, from posts restricted to higher-level roles.
Reproduction
To reproduce this vulnerability, perform a search using the WordPress core search feature while logged out or without the necessary permissions. The search may return results from restricted posts, bypassing the content restrictions intended for higher-level roles.
Remediation
Users are advised to update the Membership Plugin – Restrict Content to version 3.2.14 or later.
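To check which installs still need the update, the following added example (not part of the original advisory or the plugin's code) reads the `Version:` header from the plugin's main PHP file and classifies it against the 3.2.14 fix. The site labels and header contents are constructed samples, and the function names are hypothetical.

```python
import re

FIXED = (3, 2, 14)  # first fixed release named in the advisory

# Same header convention WordPress core uses: a "Version:" line within the
# first 8 KB of the plugin's main PHP file.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\d+(?:\.\d+)*)", re.I | re.M)


def parse_version(main_file_text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(main_file_text[:8192])
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def status(main_file_text):
    """Classify one install as 'affected', 'patched' or 'unknown'."""
    v = parse_version(main_file_text)
    if v is None:
        return "unknown"
    # Compare numerically: as strings, "3.2.9" would sort after "3.2.14".
    padded = v + (0,) * (len(FIXED) - len(v))
    return "affected" if padded < FIXED else "patched"


def audit(installs):
    """Map each site label to its status."""
    return {site: status(text) for site, text in installs.items()}


def _header(version):
    # Builds a constructed plugin header for the sample data below.
    return ("<?php\n/**\n * Plugin Name: Membership Plugin - Restrict Content\n"
            " * Version: %s\n */\n" % version)


# Constructed sample input: site labels and file contents are made up.
SAMPLE = {
    "site-a": _header("3.2.13"),
    "site-b": _header("3.2.14"),
    "site-c": _header("3.2.9"),
    "site-d": "<?php\n// header stripped by a build step\n",
}

if __name__ == "__main__":
    for site, result in audit(SAMPLE).items():
        print(site, result)
```

An `unknown` result means the header could not be read, so that install should be checked by hand rather than assumed patched.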
