Wishlist Member X
by WordPress
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-37113 | | Cri | 0.64 | 9.8 | 0.01 | | Jul 10, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7. |
| CVE-2026-6898 | | Hig | 0.57 | 8.8 | 0.00 | | May 23, 2026 | The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3_Hooks::generate_api_key' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated… |
| CVE-2026-6897 | | Hig | 0.57 | 8.8 | 0.00 | | May 23, 2026 | The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\Team_Accounts::save_settings' function in all versions up to, and including, 3.30.1. This makes it possible for… |
| CVE-2026-6895 | | Hig | 0.57 | 8.8 | 0.00 | | May 23, 2026 | The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'export_settings' function. This… |
| CVE-2026-6419 | | Hig | 0.57 | 8.8 | 0.00 | | May 23, 2026 | The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajax_get_screen() function. This makes it possible for authenticated… |
| CVE-2024-37106 | | Hig | 0.53 | 8.2 | 0.00 | | Nov 1, 2024 | Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WishList Member X: from n/a through 3.26.6 |
| CVE-2024-37108 | | Hig | 0.50 | 7.7 | 0.01 | | Nov 1, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WishList Products WishList Member X allows Path Traversal. This issue affects WishList Member X: from n/a through 3.26.6. |
| CVE-2024-37110 | | Hig | 0.49 | 7.5 | 0.01 | | Jul 10, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7. |
| CVE-2026-25446 | | | 0.00 | — | 0.00 | | Jun 17, 2026 | Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions. |
| CVE-2026-24575 | | | 0.00 | — | 0.00 | | Jun 17, 2026 | Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions. |