CVE-2024-1287

Paid Memberships Pro - Member Directory Add On < 1.2.6 - Contributor+ Sensitive Information Disclosure via SQLi

Description

The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes via an SQLi vector.

INFO

Published Date :

2024-07-30T06:00:06.053Z

Last Modified :

2025-08-27T12:00:38.906Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2024-1287 vulnerability.

Vendors	Products
Paidmembershipspro	Paid Memberships Pro
Strangerstudios	Paid Memberships Pro

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-1287.

URL	Resource
https://wpscan.com/vulnerability/169e5756-4e12-4add-82e9-47471c30f08c/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact