CVE-2025-12427
- EPSS 0.04%
- Veröffentlicht 19.11.2025 03:29:39
- Zuletzt bearbeitet 19.11.2025 19:14:59
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes...
CVE-2025-12777
- EPSS 0.1%
- Veröffentlicht 19.11.2025 03:29:38
- Zuletzt bearbeitet 19.11.2025 19:14:59
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-j...
CVE-2025-5238
- EPSS 0.04%
- Veröffentlicht 14.06.2025 09:23:34
- Zuletzt bearbeitet 16.06.2025 12:32:18
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for ...
CVE-2019-16251
- EPSS 0.51%
- Veröffentlicht 31.10.2019 17:15:10
- Zuletzt bearbeitet 21.11.2024 04:30:23
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.