Privilege Escalation Vulnerability Affects WishList Member from n/a through 3.25.1
CVE-2024-37107

8.8HIGH

Key Information:

Vendor: WordPress
Status: Wishlist Member X
Vendor: CVE Published:; 24 June 2024

Summary

The improper privilege management vulnerability in WishList Member X enables unauthorized users to escalate their privileges. This issue could potentially allow attackers to gain higher-level access to sensitive areas of the application. Affected versions include those prior to 3.26.7, raising significant concerns for sites utilizing this plugin. Organizations are encouraged to evaluate their installations and apply necessary security measures to mitigate the associated risks.

Affected Version(s)

WishList Member X < 3.26.7

References

https://patchstack.com/database/vulnerability/wishlist-me...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 24, 2024
Vulnerability Reserved
Jun 3, 2024

Credit

Dave Jong (Patchstack)