CVE-2026-6898 | Wishlist Member Plugin up to 3.30.1 on WordPress REST API generate_api_key privileges management

Inserito da Angelo Barbosa | Mag 23, 2026 | CVE

A vulnerability classified as critical was found in Wishlist Member Plugin up to 3.30.1 on WordPress. This vulnerability affects the function WishListMember3_Hooks::generate_api_key of the component REST API. Executing a manipulation can lead to improper privilege management.

This vulnerability is tracked as CVE-2026-6898. The attack can be launched remotely. No exploit exists.

CVE-2026-6898 | Wishlist Member Plugin up to 3.30.1 on WordPress REST API generate_api_key privileges management

Post correlati

CVE-2025-22795 | Thorsten Krug Multilang Contact Form Plugin up to 1.5 on WordPress cross site scripting

CVE-2024-5407 | SaltOS RhinOS 3.0-1190 /portal/search.htm search code injection

CVE-2026-22881 | Cybozu Garoon up to 6.0.3 Message cross site scripting

CVE-2024-37429 | Hamid Alinia Login with Phone Number Plugin up to 1.7.35 on WordPress cross site scripting