Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 14 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 13 Jul 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Supercleanse
Supercleanse members – Membership & User Role Editor Plugin Wordpress Wordpress wordpress |
|
| Vendors & Products |
Supercleanse
Supercleanse members – Membership & User Role Editor Plugin Wordpress Wordpress wordpress |
Sat, 11 Jul 2026 03:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.22 via the members_filter_protected_posts_for_rest. This makes it possible for unauthenticated attackers to extract determine the existence and exact count of access-restricted posts, and use per-page pagination as a boolean oracle to infer keywords and content contained within those hidden restricted posts. | |
| Title | Members <= 3.2.22 - Unauthenticated Sensitive Information Disclosure via REST API Pagination Side Channel | |
| Weaknesses | CWE-200 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-07-14T14:18:17.164Z
Reserved: 2026-06-16T17:04:21.226Z
Link: CVE-2026-12426
Updated: 2026-07-14T14:18:13.739Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-16T17:15:03Z