CVE-2026-49077
Sensitive Data Exposure in WP eMember
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tips_and_tricks_hq | wp_emember | to 10.2.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-49077 is a vulnerability in the WordPress WP eMember Plugin, affecting versions up to and including v10.2.2. It allows unauthorized, unauthenticated attackers to access sensitive system information that is normally restricted from regular users.
This exposure of sensitive data could potentially enable attackers to exploit other weaknesses in the system.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information, which may be leveraged by attackers to conduct further attacks or compromise the system.
Although the severity is considered low with a CVSS score of 5.3, the exposure still poses a risk, especially if exploited in mass-exploit campaigns targeting websites using this plugin.
There is no official patch available as of the report date, so immediate mitigation actions such as updating the plugin when possible or consulting with a hosting provider or web developer are recommended.
What immediate steps should I take to mitigate this vulnerability?
Immediate action is recommended, such as updating the WP eMember plugin to a version later than v10.2.2 once available.
If an update is not yet available, seek assistance from your hosting provider or a web developer to implement temporary mitigations.
Be aware that while the risk is low, attackers may still target vulnerable websites using mass-exploit campaigns, so prompt action is advised.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in WP eMember allows unauthorized access to sensitive system information, which could lead to exposure of data that is meant to be protected.
Such exposure of sensitive data may impact compliance with data protection regulations like GDPR and HIPAA, as these standards require safeguarding sensitive information from unauthorized access.
However, the provided information does not explicitly detail the specific compliance implications or whether any regulated personal data is affected.