Lucene search
K

33 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.3 views

CVE-2026-32407

Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through = 5.0.8...

5.8AI score0.00193EPSS
Exploits0References2
CVE
CVE
added 2026/03/13 11:42 a.m.10 views

CVE-2026-32407

Technical details (affected product, vulnerable component, impact, or remediation) are not publicly provided in the supplied documents; monitor for updates.

4.3CVSS5.8AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.11 views

CVE-2022-0397

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlistquickview AJAX action's response available to any authenticated user, leading to a Reflected Cross-Site Scripting...

5.4CVSS6.4AI score0.00591EPSS
Exploits2References1
CVE
CVE
added 2025/10/18 5:41 a.m.12 views

CVE-2025-11742

CVE-2025-11742 describes an information exposure in the WordPress plugin WPC Smart Wishlist for WooCommerce (WordPress). The root cause is a missing capability check on the AJAX action wishlist_quickview , affecting all versions up to and including 5.0.4. This allows authenticated users with Subs...

4.3CVSS4.7AI score0.00257EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/18 5:41 a.m.8 views

CVE-2025-11742 WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure

The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlistquickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00257EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/10/18 1:1 a.m.10 views

WordPress WPC Smart Wishlist for WooCommerce plugin <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WPC Smart Wishlist for WooCommerce versions = 5.0.4...

4.3CVSS6.8AI score0.00257EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/11 8:29 a.m.5 views

CVE-2025-11518 WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation

The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via several wishlist AJAX functions due to missing validation on a user controlled key that is exposed when wishlists are shared. This makes it...

5.3CVSS5.5AI score0.00218EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-15543

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00591EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-24769

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00815EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:22 a.m.9 views

CVE-2023-34386

Cross-Site Request Forgery CSRF vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin = 4.7.1 versions...

8.8CVSS8.5AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:31 p.m.5 views

CVE-2022-1465

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.2AI score0.00815EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2023/11/14 12:0 a.m.15 views

WordPress WPC Smart Wishlist for WooCommerce Plugin < 4.7.2 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpclever:wpcsmartwishlistforwoocommerce"; ifdescription...

8.8CVSS8.9AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 2023/11/09 6:15 p.m.2 views

CVE-2023-34386

Cross-Site Request Forgery CSRF vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin = 4.7.1 versions...

8.8CVSS7.3AI score0.00315EPSS
Exploits0References1
Prion
Prion
added 2023/11/09 6:15 p.m.14 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin = 4.7.1 versions...

6.8CVSS7.3AI score0.00315EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/09 6:0 p.m.27 views

CVE-2023-34386 WordPress WPC Smart Wishlist for WooCommerce Plugin <= 4.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin = 4.7.1 versions...

4.3CVSS9.1AI score0.00315EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/09 12:0 a.m.5 views

PT-2023-24856 · Wpclever · Wpc Smart Wishlist For Woocommerce

Name of the Vulnerable Software and Affected Versions: WPClever WPC Smart Wishlist for WooCommerce plugin versions = 4.7.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...

8.8CVSS8.8AI score0.00315EPSS
Exploits0References5
Patchstack
Patchstack
added 2023/06/03 12:0 a.m.11 views

WordPress WPC Smart Wishlist for WooCommerce Plugin <= 4.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software WPC Smart Wishlist for WooCommerce Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0224798abc6b Credits...

8.8CVSS6.6AI score0.00315EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2022/05/18 12:0 a.m.15 views

WordPress WPC Smart Wishlist for WooCommerces plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WPC Smart Wishlist for WooCommerces plugin versions prior to 2.9.9 contain a cross-site...

6.1CVSS1.6AI score0.00815EPSS
Exploits2References1
NVD
NVD
added 2022/05/16 3:15 p.m.17 views

CVE-2022-1465

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS0.00815EPSS
Exploits2References1
OSV
OSV
added 2022/05/16 3:15 p.m.5 views

CVE-2022-1465

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.4AI score
Exploits0References1
Rows per page
Query Builder