PatchSiren cyber security CVE debrief
CVE-2026-49077 Tips and Tricks HQ CVE debrief
CVE-2026-49077 is a MEDIUM-severity vulnerability in the WP eMember plugin by Tips and Tricks HQ. The issue, which allows exposure of sensitive system information, affects WP eMember versions from n/a through 10.2.2. The vulnerability has a CVSS score of 5.3 and was published on 2026-06-04T11:16:27.457Z.
- Vendor
- Tips and Tricks HQ
- Product
- WP eMember
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of the WP eMember plugin, particularly those with versions from n/a through 10.2.2, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is an Exposure of Sensitive System Information to an Unauthorized Control Sphere issue in WP eMember. It allows for the retrieval of embedded sensitive data. The Common Weakness Enumeration (CWE) for this vulnerability is CWE-497.
Defensive priority
MEDIUM
Recommended defensive actions
- Update WP eMember to a version that is not vulnerable.
- Refer to [ref-4] for mitigation or vendor reference: https://patchstack.com/database/wordpress/plugin/wp-emember/vulnerability/wordpress-wp-emember-plugin-v10-2-2-sensitive-data-exposure-vulnerability?_s_id=cve
Evidence notes
The CVE record [cve-org] and NVD detail [nvd] provide official information about this vulnerability.
Official resources
-
CVE-2026-49077 CVE record
CVE.org
-
CVE-2026-49077 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
The CVE was published on 2026-06-04T11:16:27.457Z and last modified on 2026-06-04T13:53:09.797Z.