The Paid Memberships Pro WordPress plugin prior to 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.
Vulmon