cleantalk
Vulnerabilities and Security Researches

WooCommerce Wishlist for Website Designers (High customization, fast setup, Free Elementor Wishlist, most features), 9bee742504388edba766dd5d8036dff85bd5a60e

Published on
Apr 10, 2023
Research Description
WooCommerce Wishlist (High customization, fast setup, Free Elementor Wishlist, most features) [smart-wishlist-for-more-convert] < 1.5.5

MC Woocommerce Wishlist <= 1.5.4 - Cross-Site Request Forgery

The MC Woocommerce Wishlist plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on several AJAX functions, including add_to_cart, add_to_wishlist, load_analytics, change_layout, remove_from_wishlist, delete_item, update_item_quantity, and load_fragments. This makes it possible for unauthenticated attackers to modify other users' carts via a forged request, provided they can trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 1.5.5.
Status
vulnerable