CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

NVD•added 2026/05/07 9:16 a.m.•12 views

CVE-2026-27329

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0...

5.3CVSS0.00315EPSS

Exploits0References1

Cvelist•added 2026/05/07 7:35 a.m.•36 views

CVE-2026-27329 WordPress YITH WooCommerce Wishlist plugin <= 4.12.0 - Insecure Direct Object References (IDOR) vulnerability

5.3CVSS0.00315EPSS

Exploits0References1

ATTACKERKB•added 2026/04/10 6:0 a.m.•1 views

CVE-2026-4432

The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the savetitle AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page,...

5.9AI score0.00226EPSS

Exploits0References1

NVD•added 2025/11/19 4:16 a.m.•6 views

CVE-2025-12777

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint which uses...

5.3CVSS0.00271EPSS

Exploits0References6

NVD•added 2025/11/19 4:16 a.m.•10 views

CVE-2025-12427

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00242EPSS

Exploits0References6