Description

WordPress Plugin Paid Memberships Pro is prone to an information disclosure vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit this issue to retrieve the contents of an arbitrary file. Information obtained may aid in launching further attacks. WordPress Plugin Paid Memberships Pro version 1.4.9 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.5 or latest

References

Related Vulnerabilities