CVE-2024-7648

MEDIUM

Opal Membership <1.2.4 - Info Disclosure

Title source: llm
STIX 2.1

Description

The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. This makes it possible for authenticated attackers, with subscriber-level access and above, to view private notes via recent comments that should be restricted to just administrators.

Scores

CVSS v3 4.3
EPSS 0.0059
EPSS Percentile 43.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
wpopal/Opal Membership < 1.2.4
Published Aug 12, 2024
Tracked Since Feb 18, 2026