2 matches found
CVE-2024-10519
The CVE-2024-10519 entry concerns the WordPress plugin Wishlist for WooCommerce Pro, affected in versions 3.0.8–3.1.2. A Reflected Cross-Site Scripting vulnerability exists in the wtab parameter due to insufficient input sanitization and output escaping, enabling unauthenticated attackers to inje...
CVE-2024-13774
CVE-2024-13774 (Wishlist for WooCommerce: Multi Wishlists Per Customer) is a CSRF vulnerability in versions up to 3.1.7 caused by missing/incorrect nonce validation in save_to_multiple_wishlist, enabling unauthenticated attackers to trigger settings updates and inject scripts. Connected sources c...