CVE-2024-8326

HIGH 8.8

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241114 - Authenticated (Contributor+) Sensitive Information Exposure

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 241114 via the 'sc_get_details' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including user data and database configuration information, which can lead to reading, updating, or dropping database tables. The vulnerability was partially patched in version 241114.

CWE	CWE-200
Vendor	clavaque
Product	s2member – excellent for all kinds of memberships, content restriction paywalls & member access subscriptions
Published	Dec 17, 2024
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for clavaque s2member – excellent for all kinds of memberships, content restriction paywalls & member access subscriptions

Be the first to know when new high vulnerabilities affecting clavaque s2member – excellent for all kinds of memberships, content restriction paywalls & member access subscriptions are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

clavaque / s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

0 ≤ 241114

References

NVD ↗ CVE.org ↗ EPSS Data ↗

Credits

wesley