VYPR

Wishsuite

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-30820HigMar 27, 2025
    risk 0.49cvss 7.5epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins WishSuite wishsuite allows PHP Local File Inclusion.This issue affects WishSuite: from n/a through <= 1.4.4.

  • CVE-2024-29927MedMar 27, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTheme WishSuite allows Stored XSS.This issue affects WishSuite: from n/a through 1.3.7.

  • CVE-2025-13838MedDec 21, 2025
    risk 0.35cvss 6.4epss 0.00

    The WishSuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_text' parameter of the 'wishsuite_button' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2023-23731MedJul 11, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions.