CVE-2024-1287

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-202
View all →

Vulnerability Description

The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes.

Related Vulnerabilities

CVE-2022-20747

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is d...

CWE-2022022

CVE-2022-20810

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensi...

CWE-2022022

CVE-2024-38892

MEDIUM
CVSS:6.5(Medium)

An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component.

CWE-2022024

CVE-2021-1372

MEDIUM
CVSS:5.5(Medium)

A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system....

CWE-2022021

CVE-2022-41623

HIGH
CVSS:7.5(High)

Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress.

CWE-2022022

CVE-2024-13255

HIGH
CVSS:7.5(High)

Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10.

CWE-2022024