Vulnerabilities and security researches forwishlist-and-compare wishlist-and-compare

Jun 07, 2024

CVE, Research URL: d16ff76f2758ae5cd2524881fb65080698c295c3
Home page URL: Security reports for Wishlist and Compare for WooCommerce
Application: Wishlist and Compare for WooCommerce
Date: May 08, 2021
Research Description: Wishlist and Compare for WooCommerce [wishlist-and-compare] < 1.0.5 Wishlist and Compare for WooCommerce <= 1.0.4 - Authorization Bypass The Wishlist and Compare for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to edit plugin settings.
Affected versions: max 1.0.5.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: ad09a648-3c34-4870-b156-097af4fd7a57
Home page URL: Security reports for Wishlist and Compare for WooCommerce
Application: Wishlist and Compare for WooCommerce
Date: -
Research Description: Wishlist and Compare for WooCommerce [wishlist-and-compare] < 1.0.5 ThemeHigh WooCommerce Wishlist and Comparison < 1.0.5 - Unauthorised AJAX call Some AJAX actions did not have proper CSRF and authorisation checks, allowing unauthorised call either via unauthenticated/low privilege users or CSRF, which could allow attackers to reset or change the settings of the plugin for example
Affected versions: max 1.0.5.
Status: vulnerable