Vulnerabilities and security researches forsmart-wishlist-for-more-convert smart-wishlist-for-more-convert

Jun 07, 2024

CVE, Research URL: CVE-2024-34813
Home page URL: Security reports for Woocoommerce Wishlist for Website Designers (High customization, fast setup,Free Elementor Wishlist, most features)
Application: Woocoommerce Wishlist for Website Designers (High customization, fast setup,Free Elementor Wishlist, most features)
Date: Jun 11, 2024
Research Description: Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.8.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: 9bee742504388edba766dd5d8036dff85bd5a60e
Home page URL: Security reports for Woocoommerce Wishlist for Website Designers (High customization, fast setup,Free Elementor Wishlist, most features)
Application: Woocoommerce Wishlist for Website Designers (High customization, fast setup,Free Elementor Wishlist, most features)
Date: Apr 10, 2023
Research Description: WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) [smart-wishlist-for-more-convert] < 1.5.5 MC Woocommerce Wishlist <= 1.5.4 - Cross-Site Request Forgery The MC Woocommerce Wishlist plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on several AJAX functions including add_to_cart, add_to_wishlist, load_analytics, change_layout, remove_from_wishlist, delete_item, update_item_quantity, load_fragments. This makes it possible for unauthenticated attackers to modify other user's carts via a forged request granted they can trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-34819
Home page URL: Security reports for Woocoommerce Wishlist for Website Designers (High customization, fast setup,Free Elementor Wishlist, most features)
Application: Woocoommerce Wishlist for Website Designers (High customization, fast setup,Free Elementor Wishlist, most features)
Date: Jun 11, 2024
Research Description: Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.2.
Affected versions: Min -, max -.
Status: vulnerable

Feb 01, 2025

CVE, Research URL: CVE-2024-13694
Home page URL: Security reports for Woocoommerce Wishlist for Website Designers (High customization, fast setup,Free Elementor Wishlist, most features)
Application: Woocoommerce Wishlist for Website Designers (High customization, fast setup,Free Elementor Wishlist, most features)
Date: Jan 30, 2025
Research Description: The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the download_pdf_file() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to extract data from wishlists that they should not have access to.
Affected versions: Min -, max -.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-30879
Home page URL: Security reports for Woocoommerce Wishlist for Website Designers (High customization, fast setup,Free Elementor Wishlist, most features)
Application: Woocoommerce Wishlist for Website Designers (High customization, fast setup,Free Elementor Wishlist, most features)
Date: Mar 27, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in moreconvert MC Woocommerce Wishlist allows SQL Injection. This issue affects MC Woocommerce Wishlist: from n/a through 1.8.9.
Affected versions: Min -, max -.
Status: vulnerable

Jun 15, 2025

CVE, Research URL: CVE-2025-47487
Home page URL: Security reports for Woocoommerce Wishlist for Website Designers (High customization, fast setup,Free Elementor Wishlist, most features)
Application: Woocoommerce Wishlist for Website Designers (High customization, fast setup,Free Elementor Wishlist, most features)
Date: Jun 09, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moreconvert MC Woocommerce Wishlist allows Reflected XSS. This issue affects MC Woocommerce Wishlist: from n/a through 1.9.1.
Affected versions: Min -, max -.
Status: vulnerable