A vulnerability described as critical has been identified in Wishlist Member Plugin up to 3.30.1 on WordPress. Affected by this issue is the function ajax_get_screen of the component Administrative API . Such manipulation leads to improper privilege management. This vulnerability is referenced as CVE-2026-6419 . It is possible to launch the attack remotely. No exploit is available.