VYPR

Wishlist Member X

by WordPress

CVEs (10)

  • CVE-2024-37113CriJul 10, 2024
    risk 0.64cvss 9.8epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.

  • CVE-2026-6898HigMay 23, 2026
    risk 0.57cvss 8.8epss 0.00

    The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3_Hooks::generate_api_key' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated…

  • CVE-2026-6897HigMay 23, 2026
    risk 0.57cvss 8.8epss 0.00

    The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\Team_Accounts::save_settings' function in all versions up to, and including, 3.30.1. This makes it possible for…

  • CVE-2026-6895HigMay 23, 2026
    risk 0.57cvss 8.8epss 0.00

    The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'export_settings' function. This…

  • CVE-2026-6419HigMay 23, 2026
    risk 0.57cvss 8.8epss 0.00

    The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajax_get_screen() function. This makes it possible for authenticated…

  • CVE-2024-37106HigNov 1, 2024
    risk 0.53cvss 8.2epss 0.00

    Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WishList Member X: from n/a through 3.26.6

  • CVE-2024-37108HigNov 1, 2024
    risk 0.50cvss 7.7epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WishList Products WishList Member X allows Path Traversal.This issue affects WishList Member X: from n/a through 3.26.6.

  • CVE-2024-37110HigJul 10, 2024
    risk 0.49cvss 7.5epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.

  • CVE-2026-25446Jun 17, 2026
    risk 0.00cvss epss 0.00

    Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.

  • CVE-2026-24575Jun 17, 2026
    risk 0.00cvss epss 0.00

    Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.