CVE-2022-0397

🗓️ 28 Mar 2022 17:22:48Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 80 Views🌐 WEB

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 is susceptible to Reflected XSS via the wishlist_quickview AJAX action

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2022-0397	28 Mar 202218:15	–	attackerkb
CNNVD	WordPress plugin WPC Smart Wishlist for WooCommerce 跨站脚本漏洞	28 Mar 202200:00	–	cnnvd
CNVD	WordPress WPC Smart Wishlist for WooCommerce plugin跨站脚本漏洞	30 Mar 202200:00	–	cnvd
Cvelist	CVE-2022-0397 WPC Smart Wishlist for WooCommerce < 2.9.4 - Reflected Cross-Site Scripting	28 Mar 202217:22	–	cvelist
EUVD	EUVD-2022-15543	3 Oct 202520:07	–	euvd
NVD	CVE-2022-0397	28 Mar 202218:15	–	nvd
OSV	CVE-2022-0397	28 Mar 202218:15	–	osv
Patchstack	WordPress WPC Smart Wishlist for WooCommerce plugin <= 2.9.3 - Reflected Cross-Site Scripting (XSS) vulnerability	1 Mar 202200:00	–	patchstack
Prion	Cross site scripting	28 Mar 202218:15	–	prion
RedhatCVE	CVE-2022-0397	9 Jan 202610:45	–	redhatcve

NVD

Vulners

Node

wpclever wpc_smart_wishlist_for_woocommerceRange<2.9.4wordpress

[
  {
    "product": "WPC Smart Wishlist for WooCommerce",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.9.4",
        "status": "affected",
        "version": "2.9.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/c8091254-1ced-4363-ab7f-5b880447713d

Parameter	Position	Path	Description	CWE
key	request body	wp-admin/admin-ajax.php	Reflected Cross-Site Scripting in WPC Smart Wishlist for WooCommerce: the key parameter is echoed back in the wishlist_quickview AJAX action response without sanitization/escaping (authenticated user), enabling XSS.	CWE-79

17 Jun 2026 04:20Current

5.3Medium risk

Vulners AI Score5.3

CVSS 23.5

CVSS 3.15.4

EPSS0.00591

CWE-79