WordPress Plugin Vulnerabilities

WishList Member X < 3.26.7 - Unauthenticated Denial of Service

Description

The Wishlist Member plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 3.25.1. This makes it possible for unauthenticated attackers to limit access to a site.

Affects Plugins

Plugin icon
wishlist-member-x
Fixed in 3.26.7

References

CVE
CVE-2024-37111
URL
https://patchstack.com/database/wordpress/plugin/wishlist-member-x/vulnerability/wordpress-wishlist-member-x-plugin-3-25-1-unauthenticated-denial-of-service-attack-vulnerability

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
b5a65147-304b-40b8-b034-a54c4e9ac312

Timeline

Publicly Published
2024-06-20 (about 1 year ago)
Added
2024-07-02 (about 1 year ago)
Last Updated
2025-10-29 (about 5 months ago)

Other

Published
Title
Published
2025-03-27
Title
Klarna Checkout for WooCommerce < 2.13.5 - DoS via Excessive Logging
Published
2019-12-23
Title
BuddyPress < 5.1.1 - Denial of Service
Published
2021-10-25
Title
Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS
Published
2022-08-22
Title
Better Messages < 1.9.10.58 - Subscriber+ Denial Of Service
Published
2018-02-05
Title
WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)