24 matches found
CVE-2026-27329
Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0...
CVE-2026-27329
Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0...
CVE-2026-27329 WordPress YITH WooCommerce Wishlist plugin <= 4.12.0 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0...
CVE-2026-27329
The CVE concerns WordPress YITH WooCommerce Wishlist plugin (versions
WordPress plugin YITH WooCommerce Wishlist 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-38357
Name of the Vulnerable Software and Affected Versions YITH WooCommerce Wishlist versions prior to 4.12.0 Description An authorization bypass exists due to a user-controlled key, which allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a...
CVE-2025-12777
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...
CVE-2025-12427 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to...
CVE-2025-12777 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...
WordPress YITH WooCommerce Wishlist plugin <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion vulnerability
Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin YITH WooCommerce Wishlist versions = 4.10.0...
EUVD-2024-34757
Malicious code in bioql PyPI...
WordPress YITH WooCommerce Wishlist plugin <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via id Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin YITH WooCommerce Wishlist versions = 4.5.0...
CVE-2025-5238
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
WordPress plugin YITH WooCommerce Wishlist 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-25485 · WordPress · Yith Woocommerce Wishlist
Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Wishlist plugin for WordPress versions up to, and including, 4.5.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attacke...
CVE-2024-34385
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Wishlist yith-woocommerce-wishlist.This issue affects YITH WooCommerce Wishlist: from n/a through = 3.32.0...
YITH WooCommerce Wishlist < 3.33.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 3.33.0 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-34385
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Wishlist yith-woocommerce-wishlist.This issue affects YITH WooCommerce Wishlist: from n/a through = 3.32.0...
CVE-2024-34385 WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS.This issue affects YITH WooCommerce Wishlist: from n/a through 3.32.0...
CVE-2024-34385 WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Wishlist yith-woocommerce-wishlist.This issue affects YITH WooCommerce Wishlist: from n/a through = 3.32.0...