Product

Wishlist Member Plugin

3 briefs RSS

CVE-2026-6898: Wishlist Member WordPress Plugin Vulnerability Leads to Site Takeover

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check (CVE-2026-6898), allowing authenticated attackers with subscriber-level access or higher to update the REST API Secret Key, create administrator accounts, and achieve complete site takeover.

Wishlist Member plugin wordpress plugin privilege-escalation credential-access persistence initial-access

2r 4t 1c 1h ago

critical advisory

CVE-2026-6897: Wishlist Member Plugin Vulnerability Leads to WordPress Site Takeover

2 rules 3 TTPs 1 CVE

CVE-2026-6897 is a critical vulnerability in the Wishlist Member plugin for WordPress, allowing authenticated attackers with subscriber-level access to modify plugin settings, including the REST API secret key, ultimately enabling them to create administrator accounts and take over the entire site.

Wishlist Member plugin wordpress plugin privilege-escalation credential-access persistence

2r 3t 1c 1h ago

critical threat

WishList Member Plugin Privilege Escalation via Missing Authorization (CVE-2026-6419)

2 rules 1 TTP 1 CVE

The WishList Member plugin for WordPress is vulnerable to privilege escalation (CVE-2026-6419) due to a missing capability and nonce check in the ajax_get_screen() function, allowing authenticated attackers with subscriber-level access to retrieve the plugin's REST API Secret Key and create administrator accounts, leading to complete site takeover.

WishList Member plugin privilege-escalation wordpress plugin CVE-2026-6419

2r 1t 1c 1h ago