Injection Vulnerability in Membership Software WishList Member X
CVE-2024-37112

10CRITICAL

Key Information:

Vendor: WordPress
Status: Wishlist Member X
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-37112?

A vulnerability exists in WishList Member X due to improper neutralization of special elements used in SQL commands, leading to SQL Injection risks. This issue can allow unauthorized users to execute arbitrary SQL queries without proper authentication. The affected versions of WishList Member X include all versions prior to 3.26.7, making it essential for users to update their software to the latest release to mitigate potential threats.

Affected Version(s)

WishList Member X < 3.26.7

References

https://patchstack.com/database/vulnerability/wishlist-me...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024

CVE-2024-37112 Data

JSON

WordPress

What is CVE-2024-37112?

Affected Version(s)

References

CVSS V3.1

Timeline