Lucene search
K

132 matches found

EUVD
EUVD
added 2026/06/17 6:35 p.m.6 views

EUVD-2026-37667

Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.6 views

EUVD-2026-37663

Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...

4.3CVSS5.1AI score0.00259EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-25446

Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...

9.9CVSS0.00434EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-24575

Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...

4.3CVSS0.00259EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.25 views

CVE-2026-25446 WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...

9.9CVSS0.00434EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.10 views

CVE-2026-25446

CVE-2026-25446 affects the WordPress plugin Wishlist Member X (WishList Member X) up to version 3.29.0. The vulnerability is an authenticated Arbitrary File Upload that could enable a subscriber to upload arbitrary files on affected sites. According to the provided sources, this CVE is currently ...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.27 views

CVE-2026-24575 WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...

4.3CVSS0.00259EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.11 views

CVE-2026-24575

CVE-2026-24575 affects WordPress WishList Member X plugin

4.3CVSS5.1AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.9 views

CVE-2026-6895

The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'exportsettings' function. This function returns the RES...

8.8CVSS5.8AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.10 views

CVE-2026-6419

The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajaxgetscreen function. This makes it possible for authenticated attackers, with...

8.8CVSS5.9AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.13 views

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 2:12 p.m.14 views

CVE-2026-6898

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3Hooks::generateapikey' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/25 7:0 a.m.11 views

WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ API Secret Key Disclosure and Privilege Escalation vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.30.1...

8.8CVSS5.8AI score0.00248EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/25 7:0 a.m.10 views

WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Options Update vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.32.0...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/25 7:0 a.m.14 views

WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key vulnerability

Missing Authorization to Authenticated Subscriber+ Generate API Secret Key vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.30.1...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/25 7:0 a.m.12 views

WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ API Secret Key Disclosure and Privilege Escalation vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.30.1...

8.8CVSS5.8AI score0.00258EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/23 5:16 a.m.11 views

CVE-2026-6895

The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'exportsettings' function. This function returns the RES...

8.8CVSS0.00248EPSS
Exploits0References2
NVD
NVD
added 2026/05/23 5:16 a.m.9 views

CVE-2026-6898

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3Hooks::generateapikey' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS0.00244EPSS
Exploits0References2
NVD
NVD
added 2026/05/23 5:16 a.m.12 views

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS0.00244EPSS
Exploits0References2
CVE
CVE
added 2026/05/23 4:27 a.m.31 views

CVE-2026-6419

Vulnerability summary (CVE-2026-6419) : The WishList Member WordPress plugin is affected on versions up to 3.30.1 by a missing authorization check in ajax_get_screen(), allowing authenticated users with Subscriber-level access or higher to pass an admin screen via data[url] and load the administr...

8.8CVSS5.9AI score0.00258EPSS
Exploits0References2
Rows per page
Query Builder