WordPress YITH WooCommerce Wishlist plugin < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability

Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability discovered by Chiao-Lin Yu Steven Meow in WordPress Plugin YITH WooCommerce Wishlist versions 4.13.0...

CVE-2025-69334 WordPress Wishlist for WooCommerce plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through = 3.3.0...

CVE-2025-69334 WordPress Wishlist for WooCommerce plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through = 3.3.0...

WordPress Wishlist for WooCommerce plugin <= 1.1.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Powpy in WordPress Plugin Wishlist for WooCommerce versions = 1.1.3...

WordPress Wishlist for WooCommerce Missing Authorization Vulnerability

WordPress Wishlist for WooCommerce is a feature module for e-commerce websites that allows users to add items to a wishlist or favorites for subsequent purchases. WordPress Wishlist for WooCommerce suffers from a missing authorization vulnerability, no details of the vulnerability are provided at...

CVE-2025-31061

CVE-2025-31061 describes a reflected XSS in the WordPress Wishlist (Wishlist – WordPress plugin) affecting versions from n/a up to 2.1.0. The issue arises from improper neutralization of input during web page generation, enabling an attacker to inject arbitrary scripts via user-supplied input tha...

CVE-2025-31061 WordPress Wishlist plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in redqteam Wishlist wishlist allows Reflected XSS.This issue affects Wishlist: from n/a through = 2.1.0...

CVE-2025-31061 WordPress Wishlist plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in redqteam Wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through 2.1.0...

CVE-2025-49075 WordPress Wishlist plugin <= 1.0.43 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Wishlist allows Stored XSS.This issue affects Wishlist: from n/a through 1.0.43...

CVE-2025-49075 WordPress Wishlist plugin <= 1.0.43 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Wishlist wishlist allows Stored XSS.This issue affects Wishlist: from n/a through = 1.0.43...

WordPress Wishlist plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Wishlist versions = 2.1.0...

WordPress Wishlist for WooCommerce plugin <= 3.2.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Wishlist for WooCommerce versions = 3.2.2...

CVE-2025-31062 WordPress Wishlist plugin <= 2.1.0 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist wishlist allows Retrieve Embedded Sensitive Data.This issue affects Wishlist: from n/a through = 2.1.0...

CVE-2025-31062 WordPress Wishlist plugin <= 2.1.0 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist wishlist allows Retrieve Embedded Sensitive Data.This issue affects Wishlist: from n/a through = 2.1.0...

CVE-2025-31063 WordPress Wishlist plugin <= 2.1.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in redqteam Wishlist wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wishlist: from n/a through = 2.1.0...

CVE-2025-32618 WordPress Wishlist plugin <= 1.0.46 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PickPlugins Wishlist wishlist allows SQL Injection.This issue affects Wishlist: from n/a through = 1.0.46...

CVE-2025-32618

CVE-2025-32618 affects the Wishlist WordPress plugin. An authenticated (Subscriber+) SQL Injection exists due to improper input handling in Wishlist, affecting versions up to 1.0.44 (per Wordfence; initial doc cites 1.0.43). CVSS v3.1 base score 8.5 (HIGH). Remediation: update Wishlist to a patch...

CVE-2025-32272

Technical details about CVE-2025-32272 (Wishlist CSRF) are not provided in the connected documents. Please monitor for updates from official advisories.

CVE-2025-32272 WordPress Wishlist Plugin <= 1.0.44 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in PickPlugins Wishlist allows Cross Site Request Forgery. This issue affects Wishlist: from n/a through 1.0.44...

WordPress Wishlist plugin <= 1.0.46 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by LVT-tholv2k in WordPress Plugin Wishlist versions = 1.0.46...