Missing Authorization vulnerability in WishList Member X
CVE-2024-37111
7.5HIGH
Summary
The missing authorization vulnerability in WishList Member X, prior to version 3.26.7, allows attackers to exploit inadequate access control mechanisms. By leveraging this vulnerability, unauthorized users could gain access to restricted functionalities, potentially leading to unauthorized modifications or disclosures of sensitive information.
Affected Version(s)
WishList Member X < 3.26.7
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dave Jong (Patchstack)