1 article
Wordfence published advisories for four CVSS 8.8 authorization failure vulnerabilities in WishList Member, a WordPress membership plugin with 100,000+ active installs, on 23 May 2026. Subscriber-level authenticated attackers can exploit the flaws to escalate to administrator access, read sensitive member data, and modify arbitrary site content. Patches are available.