cleantalk
Vulnerabilities and Security Researches

Wishlist for WooCommerce: Multi Wishlists Per Customer, CVE-2024-13774

CVE, Research URL

CVE-2024-13774

Home page URL

Security reports for Wishlist for WooCommerce: Multi Wishlists Per Customer

Application

Wishlist for WooCommerce: Multi Wishlists Per Customer

Published on
Mar 08, 2025
Research Description
The Wishlist for WooCommerce: Multi Wishlists Per Customer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.7. This is due to missing or incorrect nonce validation on the 'save_to_multiple_wishlist' function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 3.1.8.
Status
vulnerable
Previous vulnerability researches
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2024-56228) , Dec 23, 2024
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2025-48237) , May 27, 2025
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2024-10519) , Nov 24, 2024
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2025-49319) , Jul 18, 2025
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2024-13774) , Mar 08, 2025
New vulnerability
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History (CVE-2025-54041) , Jul 19, 2025
Chatbox Manager (CVE-2025-48167) , Jul 19, 2025
Zuppler Online Ordering (CVE-2025-6053) , Jul 19, 2025
Counter live visitors for WooCommerce (CVE-2025-7359) , Jul 19, 2025
AntiSpam for Contact Form 7 (CVE-2025-54020) , Jul 19, 2025