WishList Member X < 3.26.7 is vulnerable to Unauthenticated Plugin Settings Change Leading to Stored XSS

Unauthenticated

Published: 2024-06-19

The WishList Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 3.25.1. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts.

CVSS

Score: 8.2

Severity: High

Version: < 3.26.7

There is a patch available in v3.26.7 and we strongly recommend you update to this version as soon as possible.
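
The bug class described above (a settings handler with no capability check, whose stored value is later rendered in a page) shown next to its hardened form, as an added example. This is not WishList Member's code: the advisory does not name the affected function, so the AJAX entry point and every `example_*` name below are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical plugin code, not taken from WishList Member.
// The option name, action name and functions prefixed example_ are made up.

/*
 * Weak pattern (shown commented out, for contrast only):
 *
 *   add_action( 'wp_ajax_nopriv_example_save_settings', 'example_save_settings' );
 *   function example_save_settings() {
 *       update_option( 'example_plugin_banner', $_POST['banner'] );
 *   }
 *
 * wp_ajax_nopriv_* hooks run for logged-out visitors, and nothing in the
 * handler checks who is calling, so the setting is writable by anyone and
 * the raw value is stored as submitted.
 */

// Hardened pattern: register for logged-in users only (no nopriv hook).
add_action( 'wp_ajax_example_save_settings', 'example_save_settings' );

function example_save_settings() {
    // 1. Nonce check: rejects forged cross-site requests (dies with 403 on failure).
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // 2. Capability check: the step the advisory describes as missing.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Sanitize on input: strips tags and control characters before storage.
    $banner = isset( $_POST['banner'] )
        ? sanitize_text_field( wp_unslash( $_POST['banner'] ) )
        : '';

    update_option( 'example_plugin_banner', $banner );
    wp_send_json_success();
}

// 4. Escape on output, so a value stored before the fix cannot execute either.
function example_render_banner() {
    $banner = get_option( 'example_plugin_banner', '' );
    echo '<p class="example-banner">' . esc_html( $banner ) . '</p>';
}
```

Escaping at render time matters after an upgrade as well, because settings written while a site ran an affected version remain in the database until they are reviewed.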