CRITICAL
WishList Products, LLC.
CVE published 2026-06-17
CVE-2026-25446
A critical vulnerability (CVSS Score: 9.9) was discovered in the WishList Member X plugin for WordPress, affecting versions up to 3.29.0. This vulnerability allows subscribers to upload arbitrary files, potentially leading to severe consequences, including code execution and data breaches. The vulnerability was made public on June 17, 2026. Users of the affected plugin should take immediate action to miti [truncated]