VYPR

WPC Smart Wishlist for WooCommerce

by WordPress

CVEs (5)

  • CVE-2022-1465MedMay 16, 2022
    risk 0.40cvss 6.1epss 0.01

    The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue.

  • CVE-2022-0397MedMar 28, 2022
    risk 0.35cvss 5.4epss 0.01

    The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (available to any authenticated user), leading to a Reflected Cross-Site Scripting

  • CVE-2025-11518MedOct 11, 2025
    risk 0.34cvss 5.3epss 0.00

    The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via several wishlist AJAX functions due to missing validation on a user controlled key that is exposed when wishlists are…

  • CVE-2025-11742MedOct 18, 2025
    risk 0.28cvss 4.3epss 0.00

    The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlist_quickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers,…

  • CVE-2023-34386MedNov 9, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin <= 4.7.1 versions.