A vulnerability, which was classified as critical , has been found in Wishlist Member Plugin up to 3.30.1 on WordPress. This issue affects the function export_settings of the component REST API . The manipulation leads to improper privilege management. This vulnerability is listed as CVE-2026-6895 . The attack may be initiated remotely. There is no available exploit.