VYPR

Wishlist For Woocommerce

by Wpfactory

CVEs (8)

  • CVE-2024-56228HigDec 31, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce.This issue affects Wishlist for WooCommerce: from n/a through <= 3.1.2.

  • CVE-2025-69334MedJan 6, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through <= 3.3.0.

  • CVE-2025-12040MedNov 25, 2025
    risk 0.42cvss 6.5epss 0.00

    The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.3 via several functions in class-th-wishlist-frontend.php due to missing validation on a user controlled key. This makes it possible for…

  • CVE-2025-49319MedJul 16, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wishlist for WooCommerce: from n/a through <= 3.2.3.

  • CVE-2025-48237MedMay 19, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through <= 3.2.2.

  • CVE-2024-13774MedMar 8, 2025
    risk 0.40cvss 6.1epss 0.00

    The Wishlist for WooCommerce: Multi Wishlists Per Customer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.7. This is due to missing or incorrect nonce validation on the 'save_to_multiple_wishlist' function. This makes…

  • CVE-2025-24657MedJan 24, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee Wishlist for WooCommerce wt-woocommerce-wishlist allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through <= 2.1.2.

  • CVE-2025-13440MedDec 12, 2025
    risk 0.27cvss 5.3epss 0.00

    The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.10. This is due to a missing capability check on the deleteWishlist() function. This makes it possible for authenticated attackers, with…