CVE-2024-0899

MEDIUM

s2Member < 230815 - Unauthenticated Information Exposure via API

Title source: llm

Description

The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers to see the contents of those posts and pages.

References (2)

Core 2

Core References

Product

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3051411%40s2member%2Ftrunk&old=3037346%40s2member%2Ftrunk&sfp_email=&sfph_mail=

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/80bfb470-a3df-497f-940d-051ccaa6215b?source=cve

Scores

CVSS v3 5.3

EPSS 0.0056

EPSS Percentile 42.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (2)

clavaque/s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions < 230815

clavaque/s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions < 230815

Published Apr 09, 2024

Tracked Since Feb 18, 2026