CVE-2025-11742
- EPSS 0.06%
- Veröffentlicht 18.10.2025 05:41:56
- Zuletzt bearbeitet 21.10.2025 19:31:25
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlist_quickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for...
CVE-2025-11518
- EPSS 0.08%
- Veröffentlicht 11.10.2025 08:29:16
- Zuletzt bearbeitet 14.10.2025 19:36:59
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via several wishlist AJAX functions due to missing validation on a user controlled key that is e...
CVE-2023-34386
- EPSS 0.1%
- Veröffentlicht 09.11.2023 18:15:07
- Zuletzt bearbeitet 21.11.2024 08:07:09
Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin <= 4.7.1 versions.
CVE-2022-1465
- EPSS 0.21%
- Veröffentlicht 16.05.2022 15:15:09
- Zuletzt bearbeitet 21.11.2024 06:40:46
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue.
CVE-2022-0397
- EPSS 0.29%
- Veröffentlicht 28.03.2022 18:15:08
- Zuletzt bearbeitet 21.11.2024 06:38:32
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (available to any authenticated user), leading to a Reflect...