Medium severity5.3NVD Advisory· Published Jun 6, 2024· Updated Apr 8, 2026

CVE-2024-0972

Description

The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.9 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest" feature (when unset) and view restricted page and post content.

Affected products

Membersonly/Buddypress Members Only
cpe:2.3:a:membersonly:buddypress_members_only:*:*:*:*:*:wordpress:*:*
Range: <=3.3.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wordfence.com/threat-intel/vulnerabilities/id/dcfead67-d75d-46ae-ac68-a34643ac2f52nvdThird Party Advisory
plugins.trac.wordpress.org/browser/buddypress-members-only/trunk/buddypress-members-only.phpnvdProduct
plugins.trac.wordpress.org/changesetnvd
plugins.trac.wordpress.org/changesetnvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000