4 matches found
Missing Authorization
Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Missing Authorization through the MageWishlistSharedController shared wishlist item flow. An attacker can access or manipulate wishlist ite...
CVE-2025-11742
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlistquickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2025-34965
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlistquickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-11742
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlistquickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level...