Description

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions is prone to an information disclosure vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit this issue to retrieve the contents of an arbitrary file. Information obtained may aid in launching further attacks. WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions version 1.4.9 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.5 or latest

References

http://ceriksen.com/2012/07/13/wordpress-paid-memberships-pro-information-disclosure-vulnerability/

http://www.paidmembershipspro.com/2012/07/important-security-update-1-5/

http://secunia.com/advisories/49630/

Related Vulnerabilities

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction SQL Injection (3.0.9)

WordPress Plugin The Events Calendar Cross-Site Scripting (4.8.1)

Joomla! Core Multiple Vulnerabilities (1.7.3 - 3.7.2)

WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Open Redirect (1.85)

WordPress Plugin YITH WooCommerce Authorize.net Payment Gateway Security Bypass (1.1.12)

Severity

High

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update Information Disclosure