Unauthorized Access to Sensitive Information in WishList Member X Membership Software
CVE-2024-37110

7.5HIGH

Key Information:

Vendor: WordPress
Status: Wishlist Member X
Vendor: CVE Published:; 10 July 2024

Summary

A vulnerability exists in WishList Member X that exposes sensitive information to unauthorized actors. This issue impacts the plugin versions prior to 3.26.7, allowing malicious users to access personal data without proper authentication. Site administrators are advised to evaluate their systems for this vulnerability and take appropriate action to secure their installations.

Affected Version(s)

WishList Member X < 3.26.7

References

https://patchstack.com/database/vulnerability/wishlist-me...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2024
Vulnerability Reserved
Jun 3, 2024

Credit

Dave Jong (Patchstack)