cleantalk
Vulnerabilities and Security Researches

Wishlist for WooCommerce: Multi Wishlists Per Customer, CVE-2024-10519

CVE, Research URL

CVE-2024-10519

Home page URL

Security reports for Wishlist for WooCommerce: Multi Wishlists Per Customer

Application

Wishlist for WooCommerce: Multi Wishlists Per Customer

Published on
Nov 23, 2024
Research Description
The Wishlist for WooCommerce: Multi Wishlists Per Customer PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wtab' parameter in versions 3.0.8 to 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Note: Only WordPress installations with versions of PHP <=7.4 are affected by this vulnerability.
Affected versions
Min -, max 3.1.3.
Status
vulnerable
Previous vulnerability researches
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2024-56228) , Dec 23, 2024
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2025-48237) , May 27, 2025
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2024-10519) , Nov 24, 2024
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2025-49319) , Jul 18, 2025
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2024-13774) , Mar 08, 2025
New vulnerability
Wallet System for WooCommerce &#8211; Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History (CVE-2025-54041) , Jul 19, 2025
Chatbox Manager (CVE-2025-48167) , Jul 19, 2025
Zuppler Online Ordering (CVE-2025-6053) , Jul 19, 2025
Counter live visitors for WooCommerce (CVE-2025-7359) , Jul 19, 2025
AntiSpam for Contact Form 7 (CVE-2025-54020) , Jul 19, 2025