Medium severity5.3NVD Advisory· Published Apr 26, 2024· Updated Jun 17, 2026
CVE-2024-2920
CVE-2024-2920
Description
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible for unauthenticated attackers to view files uploaded by other users which may contain sensitive information.
Affected products
2- Range: <= 3.4.9.3
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.