CVE-2025-13838

The WishSuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttontext' parameter of the 'wishsuitebutton' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

EUVD-2025-204653

The WishSuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttontext' parameter of the 'wishsuitebutton' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-13838

WishSuite – Wishlist for WooCommerce has a stored XSS in the button_text attribute of the wishsuite_button shortcode, affecting all versions up to and including 1.5.1. Exploitation requires authenticated access at Contributor level or higher; an attacker can inject scripts that run in pages viewe...

CVE-2025-13838 WishSuite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute

The WishSuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttontext' parameter of the 'wishsuitebutton' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

WordPress WishSuite plugin <= 1.4.4 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin WishSuite versions = 1.4.4...

WordPress plugin WishSuite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress WishSuite Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)

Software WishSuite Type Plugin Vulnerable versions = 1.3.7 Fixed in 1.3.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29927 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 15961de4374a Credits LVT-tholv2k Required privilege Contributor...

CVE-2023-32962

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin = 1.3.4 versions...

CVE-2023-23731

CVE-2023-23731: CSRF in WishSuite (WordPress plugin) = 1.3.4 to mitigate. PatchSTACK notes low severity with potential impact via plugin_activation, no explicit exploit details provided in connected docs.

WordPress Plugin WishSuite – Wishlist for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin WishSuite - Wishlist for...

WordPress WishSuite Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software WishSuite Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32962 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9bc129cab632 Credits Emili Castells Required...