132 matches found
EUVD-2026-37667
Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...
EUVD-2026-37663
Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...
CVE-2026-25446
Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...
CVE-2026-24575
Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...
CVE-2026-25446 WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...
CVE-2026-25446
CVE-2026-25446 affects the WordPress plugin Wishlist Member X (WishList Member X) up to version 3.29.0. The vulnerability is an authenticated Arbitrary File Upload that could enable a subscriber to upload arbitrary files on affected sites. According to the provided sources, this CVE is currently ...
CVE-2026-24575 WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability
Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...
CVE-2026-24575
CVE-2026-24575 affects WordPress WishList Member X plugin
CVE-2026-6895
The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'exportsettings' function. This function returns the RES...
CVE-2026-6419
The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajaxgetscreen function. This makes it possible for authenticated attackers, with...
CVE-2026-6897
The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...
CVE-2026-6898
The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3Hooks::generateapikey' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...
WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation vulnerability
Missing Authorization to Authenticated Subscriber+ API Secret Key Disclosure and Privilege Escalation vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.30.1...
WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Options Update vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.32.0...
WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key vulnerability
Missing Authorization to Authenticated Subscriber+ Generate API Secret Key vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.30.1...
WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation vulnerability
Missing Authorization to Authenticated Subscriber+ API Secret Key Disclosure and Privilege Escalation vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.30.1...
CVE-2026-6895
The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'exportsettings' function. This function returns the RES...
CVE-2026-6898
The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3Hooks::generateapikey' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...
CVE-2026-6897
The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...
CVE-2026-6419
Vulnerability summary (CVE-2026-6419) : The WishList Member WordPress plugin is affected on versions up to 3.30.1 by a missing authorization check in ajax_get_screen(), allowing authenticated users with Subscriber-level access or higher to pass an admin screen via data[url] and load the administr...