Vulnerability at a Glance
- CVE ID: CVE-2026-6895
- Risk score: 8.8 (High)
- First disclosed: 2026-05-22
- Last updated: 2026-05-23
- Software type: Plugin
- Software slug: wishlist-member-x
- Affected versions: <= 3.30.1
- Fixed version: 3.31.0
- Patched: Yes
Vulnerability Details
The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'export_settings' function. This function returns the REST API Secret Key to the attacker in the AJAX JSON response. An attacker who obtains this key can authenticate to the WishList Member API, create a new membership level assigned the administrator WordPress role, and register an arbitrary administrator-level user account, resulting in complete site takeover.
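The flaw described above is a missing capability check in an admin-ajax handler. The following is an added illustration written for this page, not code from the WishList Member plugin: a hypothetical WordPress AJAX handler that returns an API secret key, shown first in the unguarded form the advisory describes and then hardened. The hook name `example_export_settings`, the option key `example_api_secret_key`, and the nonce action are placeholders, not the plugin's identifiers.

```php
<?php
// Added illustration, not the plugin's code. Hook names and option keys are
// placeholders chosen for this example.

// UNGUARDED: every logged-in user can reach wp_ajax_* hooks, so a handler that
// omits the capability check returns the secret to a Subscriber-level session.
function example_export_settings_unguarded() {
    $settings = array(
        'api_secret_key' => get_option( 'example_api_secret_key' ),
    );
    wp_send_json_success( $settings ); // sends JSON and exits
}
// add_action( 'wp_ajax_example_export_settings', 'example_export_settings_unguarded' );

// HARDENED: verify the nonce (CSRF protection), then require an
// administrator-level capability before any secret leaves the server.
// The nonce alone is not authorization; the capability check is what closes
// the missing-authorization gap.
function example_export_settings_guarded() {
    check_ajax_referer( 'example_export_settings', 'nonce' ); // dies on failure

    if ( ! current_user_can( 'manage_options' ) ) {
        // wp_send_json_error() sends the response and exits.
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    $settings = array(
        'api_secret_key' => get_option( 'example_api_secret_key' ),
    );
    wp_send_json_success( $settings );
}
add_action( 'wp_ajax_example_export_settings', 'example_export_settings_guarded' );
```

Two design points: the guarded handler is registered only on `wp_ajax_` (authenticated) and never on `wp_ajax_nopriv_`, and the capability tested is `manage_options`, which ordinary membership roles such as Subscriber do not hold. Any handler that exports credentials or configuration should follow the same order: nonce, capability, then work.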
Impact and Risk
- Vulnerability type: Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3exportsettings' AJAX Action
- Risk description: The flaw can be used for privilege escalation; a low-privileged account may use it to gain greater control of the site backend.
- Researcher: h0xilo
Remediation
- Apply the vendor's fix: update to 3.31.0 or a later patched version.
- Review high-privilege accounts and role assignments such as administrator and shop manager.
- Audit recent plugin installation and configuration change records and confirm there are no unexpected writes.
- Combine a WAF with login auditing and keep monitoring for suspicious requests.
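Because the described attack path ends with an attacker-registered administrator account, the account review step is the one most worth automating. The helper below is an added example for this page, not part of the plugin or the advisory: it uses the WordPress core `get_users()` API to list administrator accounts registered on or after a cutoff date (the disclosure date is used as the default, which is an assumption; adjust it to the site's own timeline). It assumes it is run inside a loaded WordPress environment, for example via a site-local PHP script that includes `wp-load.php`.

```php
<?php
// Added review helper, not the plugin's code. Assumes the WordPress API is
// loaded (e.g. require_once 'wp-load.php' from the site root).

/**
 * Return administrator accounts whose registration time is at or after $since.
 * $since uses the same 'Y-m-d H:i:s' (UTC) format as wp_users.user_registered.
 */
function example_recent_admin_accounts( $since = '2026-05-22 00:00:00' ) {
    $admins = get_users( array(
        'role'    => 'administrator',
        'orderby' => 'registered',
        'order'   => 'DESC',
    ) );

    $recent = array();
    foreach ( $admins as $user ) {
        // Both strings share the fixed 'Y-m-d H:i:s' layout, so a plain
        // string comparison orders them correctly.
        if ( strcmp( $user->user_registered, $since ) >= 0 ) {
            $recent[] = array(
                'ID'         => $user->ID,
                'login'      => $user->user_login,
                'email'      => $user->user_email,
                'registered' => $user->user_registered,
            );
        }
    }
    return $recent;
}

// Print one row per account so the output can be diffed against the
// list of administrators the site owner actually created.
foreach ( example_recent_admin_accounts() as $row ) {
    printf( "%d\t%s\t%s\t%s\n", $row['ID'], $row['login'], $row['email'], $row['registered'] );
}
```

An empty result does not by itself prove the site is clean; an existing account could have had its role changed rather than being newly registered, so the role review in the list above still applies to accounts with older registration dates.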
