CVE-2026-6895
WishList Products · WishList Member
The WishList Member plugin for WordPress is vulnerable to sensitive information disclosure and privilege escalation due to missing authorization.
Executive summary
A high-severity vulnerability in the WishList Member WordPress plugin allows attackers to disclose sensitive information and escalate privileges through missing authorization.
Vulnerability
The plugin lacks necessary authorization checks, enabling an attacker to access sensitive information and escalate their privileges. This flaw exposes the internal workings and user account structure of the plugin.
Business impact
With a CVSS score of 8.8, this vulnerability poses a significant risk of data breach and account takeover. Unauthorized access to sensitive information can lead to further exploitation, while privilege escalation grants attackers administrative control.
Remediation
Immediate Action: Update the WishList Member plugin to the latest version.
Proactive Monitoring: Monitor site traffic for unusual access to administrative or configuration endpoints.
Compensating Controls: Ensure that sensitive directories are protected and that access logs are monitored for anomalous activity.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability is critical due to the combination of information disclosure and privilege escalation. Administrators must update the plugin immediately to secure the site against these threats.