33 matches found
CVE-2026-32407
Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through = 5.0.8...
CVE-2026-32407
Technical details (affected product, vulnerable component, impact, or remediation) are not publicly provided in the supplied documents; monitor for updates.
CVE-2022-0397
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlistquickview AJAX action's response available to any authenticated user, leading to a Reflected Cross-Site Scripting...
CVE-2025-11742
CVE-2025-11742 describes an information exposure in the WordPress plugin WPC Smart Wishlist for WooCommerce (WordPress). The root cause is a missing capability check on the AJAX action wishlist_quickview , affecting all versions up to and including 5.0.4. This allows authenticated users with Subs...
CVE-2025-11742 WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlistquickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress WPC Smart Wishlist for WooCommerce plugin <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WPC Smart Wishlist for WooCommerce versions = 5.0.4...
CVE-2025-11518 WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via several wishlist AJAX functions due to missing validation on a user controlled key that is exposed when wishlists are shared. This makes it...
EUVD-2022-15543
Malicious code in bioql PyPI...
EUVD-2022-24769
Malicious code in bioql PyPI...
CVE-2023-34386
Cross-Site Request Forgery CSRF vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin = 4.7.1 versions...
CVE-2022-1465
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue...
WordPress WPC Smart Wishlist for WooCommerce Plugin < 4.7.2 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpclever:wpcsmartwishlistforwoocommerce"; ifdescription...
CVE-2023-34386
Cross-Site Request Forgery CSRF vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin = 4.7.1 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin = 4.7.1 versions...
CVE-2023-34386 WordPress WPC Smart Wishlist for WooCommerce Plugin <= 4.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin = 4.7.1 versions...
PT-2023-24856 · Wpclever · Wpc Smart Wishlist For Woocommerce
Name of the Vulnerable Software and Affected Versions: WPClever WPC Smart Wishlist for WooCommerce plugin versions = 4.7.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
WordPress WPC Smart Wishlist for WooCommerce Plugin <= 4.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software WPC Smart Wishlist for WooCommerce Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.7.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34386 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0224798abc6b Credits...
WordPress WPC Smart Wishlist for WooCommerces plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WPC Smart Wishlist for WooCommerces plugin versions prior to 2.9.9 contain a cross-site...
CVE-2022-1465
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue...
CVE-2022-1465
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue...