This vulnerability, classified as CWE-532, concerns the improper handling of sensitive information by the Paid Memberships Pro – Mailchimp Add On, which results in sensitive data being written into log files. The affected versions include all versions up to 2.3.4. The CVSS 3.1 base score is 5.3, indicating a medium severity with network attack vector, low attack complexity, no privileges required, no user interaction, and limited confidentiality impact. No official fix or patch has been documented, and no known exploits have been observed.

The vulnerability may allow sensitive information to be exposed through log files, potentially leading to confidentiality breaches if unauthorized parties access these logs. However, the impact is limited to confidentiality with no integrity or availability effects reported. No active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should review and restrict access to log files containing sensitive information and consider disabling or limiting logging features in the affected add-on if feasible.