Missing Authorization Vulnerability in WishList Member X Allows Exploiting Incorrectly Configured Access Control Security Levels
CVE-2024-37106

8.2HIGH

Key Information:

Vendor: WordPress
Status: Wishlist Member X
Vendor: CVE Published:; 1 November 2024

Summary

A security vulnerability in WishList Member X enables attackers to exploit incorrectly configured access control security levels. This missing authorization issue permits unauthorized users to manipulate access settings, potentially compromising the security of sensitive areas within the application. It is crucial for users operating versions prior to 3.26.6 to review their configurations and apply necessary updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

WishList Member X <= 3.26.6

References

https://patchstack.com/database/vulnerability/wishlist-me...

vdb-entry

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2024
Vulnerability Reserved
Jun 3, 2024

Credit

Dave Jong (Patchstack)