Description
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| WishList Products, LLC. | WishList Member X | unaffected |
|
No data.
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 17 Jun 2026 11:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions. | |
| Title | WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability | |
| Weaknesses | CWE-434 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: Patchstack
Published:
Updated: 2026-06-17T15:31:33.658Z
Reserved: 2026-02-02T12:53:47.193Z
Link: CVE-2026-25446
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-434
Unrestricted Upload of File with Dangerous Type