Vulnerabilities and security researches forwishlist wishlist

Feb 27, 2025

CVE, Research URL: CVE-2025-26915
Home page URL: Security reports for Wishlist
Application: Wishlist
Date: Feb 25, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.41.
Affected versions: Min -, max -.
Status: vulnerable

Mar 08, 2025

CVE, Research URL: CVE-2024-12809
Home page URL: Security reports for Wishlist
Application: Wishlist
Date: Mar 07, 2025
Research Description: The Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishlist_button' shortcode in all versions up to, and including, 1.0.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Apr 06, 2025

CVE, Research URL: CVE-2025-32272
Home page URL: Security reports for Wishlist
Application: Wishlist
Date: Apr 04, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Wishlist allows Cross Site Request Forgery. This issue affects Wishlist: from n/a through 1.0.44.
Affected versions: Min -, max -.
Status: vulnerable

Apr 13, 2025

CVE, Research URL: CVE-2025-32618
Home page URL: Security reports for Wishlist
Application: Wishlist
Date: Apr 11, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.43.
Affected versions: Min -, max -.
Status: vulnerable

Apr 20, 2025

CVE, Research URL: CVE-2025-24655
Home page URL: Security reports for Wishlist
Application: Wishlist
Date: Apr 17, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through 1.0.39.
Affected versions: Min -, max -.
Status: vulnerable

May 18, 2025

CVE, Research URL: CVE-2025-31062
Home page URL: Security reports for Wishlist
Application: Wishlist
Date: May 16, 2025
Research Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist allows Retrieve Embedded Sensitive Data. This issue affects Wishlist: from n/a through 2.1.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-31063
Home page URL: Security reports for Wishlist
Application: Wishlist
Date: May 16, 2025
Research Description: Missing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a through 2.1.0.
Affected versions: Min -, max -.
Status: vulnerable