CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37106 – WordPress WishList Member X plugin < 3.26.7 - Unautenticated Plugin Settings Change Leading to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-37106
20 Jun 2024 — Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WishList Member X: from n/a through 3.26.6 The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the a function in all versions up to, and including, 3.25.1. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scri... • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-unautenticated-plugin-settings-change-leading-to-stored-xss-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37108 – WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-37108
20 Jun 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WishList Products WishList Member X allows Path Traversal.This issue affects WishList Member X: from n/a through 3.26.6. The Wishlist Member plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 3.25.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the s... • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37107 – WordPress WishList Member X plugin < 3.26.7 - Authenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-37107
20 Jun 2024 — Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a before 3.26.7. Vulnerabilidad de gestión de privilegios inadecuada en el software de membresía WishList Member X permite la escalada de privilegios. Este problema afecta a WishList Member X: desde n/a hasta 3.25.1. The Wishlist Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.25.1. This makes i... • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37109 – WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary PHP Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-37109
20 Jun 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a before 3.26.7. Vulnerabilidad de control inadecuado de la generación de código ("inyección de código") en el software de membresía WishList Member X permite la inyección de código. Este problema afecta a WishList Member X: desde n/a hasta 3.25.1. The Wishlist Member plugin for WordPress is vulnerable to Remote Code Execution in ... • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-arbitrary-php-code-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37111 – WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Denial of Service Attack vulnerability
https://notcve.org/view.php?id=CVE-2024-37111
20 Jun 2024 — Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. Vulnerabilidad de autorización faltante en el software de membresía WishList Member X. Este problema afecta a WishList Member X: desde n/a hasta 3.25.1. The Wishlist Member plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 3.25.1. This makes it possible for unauthenticated attackers to limit access to a site. • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-unauthenticated-denial-of-service-attack-vulnerability?_s_id=cve • CWE-400: Uncontrolled Resource Consumption CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37112 – WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Arbitrary SQL Query Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-37112
20 Jun 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Membership Software WishList Member X. Este problema afecta a WishList Member X: desde n/a antes de 3.26.7. The WishList Member X plugin for WordPress is vulnerable SQL Injection in versions ... • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-unauthenticated-arbitrary-sql-query-execution-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37110 – WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Settings & Users Data Dump vulnerability
https://notcve.org/view.php?id=CVE-2024-37110
20 Jun 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en el software de membresía WishList Member X. Este problema afecta a WishList Member X: desde n/a antes del 3.26.7. The Wishlist Member plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a function in... • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-unauthenticated-settings-users-data-dump-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-37113 – WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Database Backup Download vulnerability
https://notcve.org/view.php?id=CVE-2024-37113
20 Jun 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en el software de membresía WishList Member X. Este problema afecta a WishList Member X: desde n/a antes del 3.26.7. The Wishlist Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.1 du... • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-unauthenticated-database-backup-download-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •