7 matches found
CVE-2025-69334 WordPress Wishlist for WooCommerce plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through = 3.3.0...
CVE-2025-60191
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmerce Wishlist for WooCommerce: from n/a throug...
WordPress plugin Wishlist for WooCommerce 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
CVE-2024-56228
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce.This issue affects Wishlist for WooCommerce: from n/a through = 3.1.2...
WordPress NC Wishlist for Woocommerce Plugin <= 1.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin NC Wishlist for Woocommerce versions = 1.0.1...
PT-2023-24103 · WordPress · Hastheme Wishsuite – Wishlist For Woocommerce
Name of the Vulnerable Software and Affected Versions: HasTheme WishSuite – Wishlist for WooCommerce plugin versions = 1.3.4 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. This vulnerability affects the...
CVE-2022-1465 WPC Smart Wishlist for WooCommerce < 2.9.9 - Reflected Cross-Site Scripting
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue...