CVE-2026-6419

WishList Products · WishList Member

The WishList Member plugin for WordPress is vulnerable to privilege escalation due to missing authorization.

Executive summary

A high-severity vulnerability in the WishList Member WordPress plugin lets users who lack the required permission perform a privileged action and thereby escalate to a higher role, potentially full administrative control of the site.

Vulnerability

This vulnerability stems from missing authorization controls: a code path that performs a privileged operation without first verifying that the caller holds the capability that operation requires. Because the check is absent rather than merely weak, a user who can reach the affected functionality can perform actions reserved for higher-privileged roles, and that can be leveraged to escalate privileges within the application.
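The shape of a missing-authorization flaw in a WordPress plugin, shown here as an added illustration in generic plugin code. This is not WishList Member's code (the advisory does not identify the affected handler); the action name `hypo_set_role`, the function names and the request parameters are all assumptions. The vulnerable form performs a privileged operation (changing a user's role) on nothing more than the request contents; the hardened form adds the checks WordPress core itself uses: a nonce, a capability check, validation of the target role, and a per-user edit check.

```php
<?php
/**
 * Added illustration (not WishList Member's code): a hypothetical admin-ajax
 * handler that changes a member's role, in a vulnerable and a hardened form.
 */

// --- Vulnerable: the request is sanitized but never authorized -------------
function hypo_member_set_role_vulnerable() {
    $user_id = absint( $_POST['user_id'] ?? 0 );
    $role    = sanitize_key( $_POST['role'] ?? '' ); // clean input, no authorization

    $user = get_userdata( $user_id );
    if ( $user ) {
        // Attacker-controlled role: 'administrator' is accepted like any other.
        $user->set_role( $role );
    }
    wp_send_json_success();
}
// Registered for both logged-in and anonymous callers, so anyone who can
// reach admin-ajax.php can invoke it.
add_action( 'wp_ajax_hypo_set_role',        'hypo_member_set_role_vulnerable' );
add_action( 'wp_ajax_nopriv_hypo_set_role', 'hypo_member_set_role_vulnerable' );

// --- Hardened: CSRF protection, capability check, role validation ----------
function hypo_member_set_role_hardened() {
    // 1. CSRF: the request must carry a nonce issued to this user for this action.
    check_ajax_referer( 'hypo_set_role', '_wpnonce' );

    // 2. Authorization: only users allowed to change roles may proceed.
    //    promote_users is the core capability behind the Users screen.
    if ( ! current_user_can( 'promote_users' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $user_id = absint( $_POST['user_id'] ?? 0 );
    $role    = sanitize_key( $_POST['role'] ?? '' );

    // 3. Validate the target role against the roles the current user may assign
    //    (get_editable_roles() is loaded by admin-ajax.php), and refuse to hand
    //    out administrator through a membership workflow at all.
    $editable = get_editable_roles();
    if ( ! isset( $editable[ $role ] ) || 'administrator' === $role ) {
        wp_send_json_error( 'invalid role', 400 );
    }

    // 4. Object-level check: the caller must be allowed to edit this user.
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $user = get_userdata( $user_id );
    if ( ! $user ) {
        wp_send_json_error( 'no such user', 404 );
    }
    $user->set_role( $role );
    wp_send_json_success();
}
// Logged-in callers only: no wp_ajax_nopriv_ hook, so anonymous requests
// never reach the handler.
add_action( 'wp_ajax_hypo_set_role_hardened', 'hypo_member_set_role_hardened' );
```

The point to take from the pair is that sanitization and authorization are different controls: the vulnerable handler cleans its input correctly and is still fully exploitable, because nothing asks whether the caller is allowed to do what the input requests. When reviewing a plugin for this class of bug, look for every `wp_ajax_*`, REST `permission_callback` and `admin_post_*` entry point and confirm a `current_user_can()` check guards each privileged operation.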

Business impact

A CVSS base score of 8.8 (High) reflects the severity of this flaw. By escalating privileges, an attacker can gain unrestricted control over the WordPress site, which puts member data, plugin and site configuration, and every other account on the installation at risk.

Remediation

Immediate Action: Update the WishList Member plugin to the latest version that contains the fix, and confirm the installed version afterwards rather than relying on the update having run.

Proactive Monitoring: Audit user roles and permissions periodically to identify any unauthorized escalations, in particular newly created or newly promoted administrator accounts, and alert on role changes as they happen rather than only at audit time.

Compensating Controls: Until the update is applied, a WAF rule that blocks or logs requests to the vulnerable plugin endpoint can reduce exposure. This is a stop-gap, not a fix: it requires knowing the affected request path, which this advisory does not specify, and it does nothing against a request that bypasses the WAF.
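One way to implement the Proactive Monitoring item above, as an added example that is not part of WishList Member or WordPress core: a must-use plugin (dropped into `wp-content/mu-plugins/`) that alerts in real time on role escalation and runs a daily audit of the administrator list. The `rem_` prefix, the option name `rem_admin_baseline`, the cron hook name and the list of roles treated as privileged are assumptions for the example. The real-time layer uses the core `set_user_role` and `add_user_role` actions, which fire on every role change regardless of which plugin made it; the audit layer covers changes written directly to the database, which those hooks never see.

```php
<?php
/**
 * Plugin Name: Role Escalation Monitor (added example, not project code)
 *
 * Layer 1: log and email whenever a user gains a privileged role.
 * Layer 2: daily WP-Cron job that diffs current administrators against a
 *          stored baseline, catching direct database changes.
 */

// Roles whose acquisition should always be reviewed (assumption for the example).
const REM_PRIVILEGED_ROLES = array( 'administrator', 'editor' );

function rem_alert( $message ) {
    error_log( '[role-monitor] ' . $message );   // lands in the PHP/WordPress debug log
    wp_mail( get_option( 'admin_email' ), 'Role change on ' . home_url(), $message );
}

// Fired by WP_User::set_role() with ( $user_id, $new_role, $old_roles ).
function rem_on_set_role( $user_id, $role, $old_roles ) {
    $old_roles = (array) $old_roles;
    if ( ! in_array( $role, REM_PRIVILEGED_ROLES, true ) || in_array( $role, $old_roles, true ) ) {
        return; // not privileged, or the user already held it
    }
    $user = get_userdata( $user_id );
    rem_alert( sprintf(
        'user %s (#%d) became %s (was: %s); acting user #%d; IP %s; request %s',
        $user ? $user->user_login : '?',
        $user_id,
        $role,
        $old_roles ? implode( ',', $old_roles ) : 'none',
        get_current_user_id(),          // 0 when the change came from an anonymous request
        $_SERVER['REMOTE_ADDR'] ?? '-',
        $_SERVER['REQUEST_URI'] ?? '-'
    ) );
}
add_action( 'set_user_role', 'rem_on_set_role', 10, 3 );

// Fired by WP_User::add_role() with ( $user_id, $role ); reuse the same check.
function rem_on_add_role( $user_id, $role ) {
    rem_on_set_role( $user_id, $role, array() );
}
add_action( 'add_user_role', 'rem_on_add_role', 10, 2 );

// Daily audit: compare the administrators present now with a stored baseline.
function rem_audit_admins() {
    $admins  = get_users( array( 'role' => 'administrator', 'fields' => array( 'ID', 'user_login' ) ) );
    $current = array();
    foreach ( $admins as $u ) {
        $current[ (int) $u->ID ] = $u->user_login;
    }

    $baseline = get_option( 'rem_admin_baseline' );
    if ( ! is_array( $baseline ) ) {
        update_option( 'rem_admin_baseline', $current, false ); // first run: record only
        return;
    }

    $added = array_diff_key( $current, $baseline );
    if ( $added ) {
        rem_alert( 'administrators not in baseline: ' . implode( ', ', $added )
            . ' (after review, reset the rem_admin_baseline option to accept them)' );
    }
}
add_action( 'rem_daily_audit', 'rem_audit_admins' );
add_action( 'init', function () {
    if ( ! wp_next_scheduled( 'rem_daily_audit' ) ) {
        wp_schedule_event( time(), 'daily', 'rem_daily_audit' );
    }
} );
```

Run `wp cron event run rem_daily_audit` (WP-CLI) to exercise the audit immediately after installing it. The baseline is deliberately only written on the first run, so an attacker who already holds administrator when the plugin is installed is not silently accepted: review the stored option against the expected administrator list once before trusting the diffs.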

Exploitation status

Public Exploit Available: false

Analyst recommendation

Protecting against unauthorized privilege escalation is vital to the security of the CMS, since an administrator account on WordPress implies control of every plugin, theme and user on the site. Administrators must update the WishList Member plugin as soon as a fixed release is available, apply the compensating controls above in the meantime, and review existing administrator accounts for any that were created or promoted while the site was exposed.