VYPR
Medium severity5.3NVD Advisory· Published Apr 26, 2024· Updated Jun 17, 2026

CVE-2024-2920

CVE-2024-2920

Description

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible for unauthenticated attackers to view files uploaded by other users which may contain sensitive information.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.

CVE-2024-2920 · Medium · VYPR