784 matches found
WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection
In the latest version 2.8.2 as of writing the article and below, the plugin is vulnerable to a SQL injection vulnerability that allows any users to execute arbitrary SQL queries in the database of the WordPress site. No privileges are required to exploit the issue. The vulnerability is unpatched ...
TI WooCommerce Wishlist <= 2.9.2 - Arbitrary File Upload
TemplateInvaders TI WooCommerce Wishlist = 2.10.0 contains an unrestricted file upload vulnerability caused by lack of proper file type validation, letting attackers upload web shells to the server, exploit requires no special privileges. id: CVE-2025-47577 info: name: TI WooCommerce Wishlist =...
WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection
WordPress TI WooCommerce Wishlist plugin before 1.40.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the itemid parameter before using it in a SQL statement via the wishlist/removeproduct REST endpoint. id: CVE-2022-0412 info: name: WordPress TI WooCommerce...
CVE-2026-14799
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...
CVE-2026-14799 CodeAstro Ecommerce Website my_account.php sql injection
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...
EUVD-2026-41810
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...
CVE-2026-14799
CodeAstro Ecommerce Website 1.0 is affected by CVE-2026-14799 due to a SQL injection in /customer/my_account.php?my_wishlist when manipulating the delete_wishlist argument. The issue is exploitable remotely with a low-privilege, no-user-interaction path (network vector, low complexity; exploit ma...
CVE-2026-57356
Unauthenticated Cross Site Scripting XSS in MC Woocommerce Wishlist = 1.9.19 versions...
CVE-2026-57356 WordPress MC Woocommerce Wishlist plugin <= 1.9.19 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in MC Woocommerce Wishlist = 1.9.19 versions...
CVE-2026-57356
CVE-2026-57356 is an unauthenticated Cross Site Scripting (XSS) vulnerability affecting the WordPress MC Woocommerce Wishlist plugin version ≤ 1.9.19. The issue, identified in the CVE record, does not specify exploitation status or a confirmed fix within the provided documents. The CVSS base scor...
EUVD-2026-41355
Unauthenticated Cross Site Scripting XSS in MC Woocommerce Wishlist = 1.9.19 versions...
CVE-2026-57356
Unauthenticated Cross Site Scripting XSS in MC Woocommerce Wishlist = 1.9.19 versions...
CVE-2026-54849
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...
EUVD-2026-39373
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...
CVE-2026-54849 WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...
CVE-2026-54849
CVE-2026-54849 concerns WordPress Premmerce Wishlist for WooCommerce plugin versions <= 1.1.11, with unauthenticated SQL injection vulnerability. The connected records confirm the affected software (Premmerce Wishlist for WooCommerce), the vulnerable component (the plugin’s request handling le...
CVE-2019-25757
Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL payloads in these...
PT-2026-50993
Name of the Vulnerable Software and Affected Versions Joomla vWishlist version 1.0.1 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the component using crafted payloads in the...
WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin Premmerce Wishlist for WooCommerce versions = 1.1.11...
EUVD-2026-37667
Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...