CVE-2024-37107

Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a before 3.26.7.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-privilege-escalation-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wishlistmember:wishlist_member_x:*:*:*:*:*:wordpress:*:*

History

20 Aug 2024, 20:13

Type	Values Removed	Values Added
CPE		cpe:2.3:a:wishlistmember:wishlist_member_x::::::wordpress::*
CWE		NVD-CWE-noinfo
References	~~() https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-privilege-escalation-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-privilege-escalation-vulnerability?_s_id=cve - Third Party Advisory
First Time		Wishlistmember wishlist Member X Wishlistmember

28 Jun 2024, 13:15

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de gestión de privilegios inadecuada en el software de membresía WishList Member X permite la escalada de privilegios. Este problema afecta a WishList Member X: desde n/a hasta 3.25.1.
Summary	~~(en) Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a through 3.25.1.~~	(en) Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a before 3.26.7.

24 Jun 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-24 13:15

Updated : 2024-08-20 20:13

NVD link : CVE-2024-37107

Mitre link : CVE-2024-37107

CVE.ORG link : CVE-2024-37107

JSON object : View

Products Affected

wishlistmember

wishlist_member_x

CWE

NVD-CWE-noinfo CWE-269

Improper Privilege Management

8.8 /10