Description
WordPress Plugin WishList Member X is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin WishList Member X version 3.25.1 is vulnerable; prior versions may also be affected.
Remediation
Disable and remove the plugin until a fix is available
References
Related Vulnerabilities
WordPress Plugin Front End Upload 'upload.php' Arbitrary File Upload (0.5.3)
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.2)
WordPress Plugin WPQA-Builder forms Addon For WordPress Insecure Direct Object Reference (5.9.2)
WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.6.0)
WordPress Plugin Freetobook review widget Unspecified Vulnerability (1.0)