Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data.
This issue affects WP eMember: from n/a through v10.2.2.
AnalysisAI
Sensitive data exposure in the WP eMember WordPress plugin (Tips and Tricks HQ) through version 10.2.2 allows unauthenticated remote attackers to retrieve embedded sensitive system information via a network request. The vulnerability is classified under CWE-497, meaning internally sensitive data is reachable from an unauthorized control sphere - in this case, the open internet without credentials. No public exploit code or CISA KEV listing has been identified at time of analysis, and exploitation probability from EPSS data was not provided, but the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms this is trivially reachable from any network source.
Technical ContextAI
WP eMember is a WordPress membership management plugin developed by Tips and Tricks HQ, identified by CPE cpe:2.3:a:tips_and_tricks_hq:wp_emember:*:*:*:*:*:*:*:*. The root cause is CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), which occurs when an application inadvertently surfaces sensitive internal data - such as configuration values, system paths, API keys, or internal state - through a publicly accessible interface. In the WordPress context, this commonly manifests as unprotected REST API endpoints, publicly readable PHP output, or improperly gated AJAX handlers that return data intended only for authenticated or privileged users. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates the exposure is reachable over the network with no authentication, no user interaction, and no elevated attack complexity, though the confidentiality impact is rated Low, suggesting partial rather than full data exposure.
RemediationAI
Site administrators should update WP eMember to a version beyond v10.2.2 immediately; the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/wp-emember/vulnerability/wordpress-wp-emember-plugin-v10-2-2-sensitive-data-exposure-vulnerability should be consulted for the confirmed fixed version, as the exact patched release number was not independently confirmed in the available intelligence data. If an immediate update is not feasible, consider using a WordPress security plugin such as Patchstack or Wordfence to apply a virtual patch rule blocking access to the vulnerable endpoint while the core update is prepared. Additionally, restricting access to the WordPress installation via IP allowlisting at the web server or WAF layer can reduce exposure surface, though this may impact legitimate member access. Audit the site for any sensitive data that may have been accessible and review WordPress and server-side logs for anomalous unauthenticated requests to plugin endpoints.
More in Wp Emember
View allThe wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to m
The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the
The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as we
The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as w
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, whi
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the
Unauthenticated SQL injection in the WP eMember WordPress plugin versions prior to 10.9.4 allows remote attackers to inj
A reflected cross-site scripting (XSS) vulnerability exists in the WP eMember WordPress plugin by Tips and Tricks HQ, af
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34241
GHSA-4rgr-wmhw-58fg