3 matches found
CVE-2024-37106
Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WishList Member X: from n/a through 3.26.6...
CVE-2024-37106
CVE-2024-37106 pertains to the WishList Member X WordPress plugin. Affected versions are WishList Member X up to 3.26.6. The issue is a Missing/Unauthenticated Authorization flaw that enables Stored Cross-Site Scripting when an attacker exploits misconfigured access control for sensitive areas. T...
WordPress WishList Member X Plugin < 3.26.7 is vulnerable to Settings Change
Software WishList Member X Type Plugin Vulnerable versions 3.26.7 Fixed in 3.26.7 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-37106 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 71867d3bc447 Credits Dave Jong Patchstack Required...