Lucene search
K

7 matches found

CVE
CVE
added 2025/12/12 3:20 a.m.16 views

CVE-2025-13440

CVE-2025-13440 affects Premmerce Wishlist for WooCommerce (WordPress). The flaw is Missing Authorization via deleteWishlist(), allowing authenticated users with Subscriber+ access to delete arbitrary wishlists in versions up to 1.1.10. Root cause: missing capability check in the deleteWishlist() ...

5.3CVSS5AI score0.00286EPSS
Exploits0References4
NVD
NVD
added 2025/11/19 4:16 a.m.23 views

CVE-2025-12777

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...

5.3CVSS0.00271EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.3 views

WordPress plugin YITH WooCommerce Wishlist 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An...

5.3CVSS6.7AI score0.00271EPSS
Exploits0References7
NVD
NVD
added 2025/11/12 5:15 a.m.7 views

CVE-2025-12087

The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the 'awwlmremoveaddedwishlistpage' AJAX action due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/12 4:29 a.m.11 views

CVE-2025-12087 Wishlist and Save for later for Woocommerce <= 1.1.22 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion

The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the 'awwlmremoveaddedwishlistpage' AJAX action due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS0.00168EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/12 4:29 a.m.4 views

CVE-2025-12087 Wishlist and Save for later for Woocommerce <= 1.1.22 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion

The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the 'awwlmremoveaddedwishlistpage' AJAX action due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.2AI score0.00168EPSS
Exploits0References2
htbridge
htbridge
added 2015/09/07 12:0 a.m.506 views

Two CSRF Vulnerabilities in Magento

High-Tech Bridge Security Research Lab discovered vulnerability in Magento, which can be exploited to perform CSRF Cross-Site Request Forgery attacks and delete shipment address and whishlist items. 1 Two CSRF Vulnerabilities in Magento: CVE-2015-7983 The vulnerability exists due to failure in th...

7AI score
Exploits0Affected Software1
Rows per page
Query Builder