Lucene search
+L

24 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.13 views

CVE-2026-27329

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0...

5.3CVSS5.4AI score0.00315EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 7:35 a.m.5 views

CVE-2026-27329

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0...

5.3CVSS5.8AI score0.00315EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 7:35 a.m.7 views

CVE-2026-27329 WordPress YITH WooCommerce Wishlist plugin <= 4.12.0 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0...

5.3CVSS5.8AI score0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 7:35 a.m.20 views

CVE-2026-27329

The CVE concerns WordPress YITH WooCommerce Wishlist plugin (versions

5.3CVSS5.8AI score0.00315EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

WordPress plugin YITH WooCommerce Wishlist 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00315EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.17 views

PT-2026-38357

Name of the Vulnerable Software and Affected Versions YITH WooCommerce Wishlist versions prior to 4.12.0 Description An authorization bypass exists due to a user-controlled key, which allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a...

5.3CVSS5.8AI score0.00315EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/11/20 9:37 p.m.10 views

CVE-2025-12777

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...

5.3CVSS5.7AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/19 3:29 a.m.12 views

CVE-2025-12427 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to...

5.3CVSS0.0027EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/11/19 3:29 a.m.13 views

CVE-2025-12777 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...

5.3CVSS0.00303EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/11/18 10:30 p.m.7 views

WordPress YITH WooCommerce Wishlist plugin <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion vulnerability

Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin YITH WooCommerce Wishlist versions = 4.10.0...

5.3CVSS7AI score0.00303EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2024-34757

Malicious code in bioql PyPI...

5.9CVSS6.5AI score0.00261EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/06/17 11:0 a.m.10 views

WordPress YITH WooCommerce Wishlist plugin <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via id Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin YITH WooCommerce Wishlist versions = 4.5.0...

6.4CVSS5.5AI score0.00244EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/06/14 10:15 a.m.11 views

CVE-2025-5238

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS0.00244EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/06/14 12:0 a.m.3 views

WordPress plugin YITH WooCommerce Wishlist 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS6.1AI score0.00244EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/06/14 12:0 a.m.7 views

PT-2025-25485 · WordPress · Yith Woocommerce Wishlist

Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Wishlist plugin for WordPress versions up to, and including, 4.5.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attacke...

6.4CVSS5.7AI score0.00244EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 9:49 a.m.10 views

CVE-2024-34385

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Wishlist yith-woocommerce-wishlist.This issue affects YITH WooCommerce Wishlist: from n/a through = 3.32.0...

5.9CVSS5.9AI score0.00261EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.33 views

YITH WooCommerce Wishlist < 3.33.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 3.33.0 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00261EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/06/03 12:15 p.m.23 views

CVE-2024-34385

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Wishlist yith-woocommerce-wishlist.This issue affects YITH WooCommerce Wishlist: from n/a through = 3.32.0...

5.9CVSS6.1AI score0.00261EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/03 11:41 a.m.26 views

CVE-2024-34385 WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS.This issue affects YITH WooCommerce Wishlist: from n/a through 3.32.0...

5.9CVSS6.8AI score0.00261EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/03 11:41 a.m.31 views

CVE-2024-34385 WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Wishlist yith-woocommerce-wishlist.This issue affects YITH WooCommerce Wishlist: from n/a through = 3.32.0...

5.9CVSS6.1AI score0.00261EPSS
Exploits0References1
Rows per page
Query Builder