cleantalk
Vulnerabilities and Security Researches

Wishlist for WooCommerce: Multi Wishlists Per Customer, CVE-2025-48237

CVE, Research URL

CVE-2025-48237

Home page URL

Security reports for Wishlist for WooCommerce: Multi Wishlists Per Customer

Application

Wishlist for WooCommerce: Multi Wishlists Per Customer

Published on
May 19, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through 3.2.2.
Affected versions
Min -, max 3.2.3.
Status
vulnerable
Previous vulnerability researches
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2024-56228) , Dec 23, 2024
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2025-48237) , May 27, 2025
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2024-10519) , Nov 24, 2024
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2025-49319) , Jul 18, 2025
Wishlist for WooCommerce: Multi Wishlists Per Customer (CVE-2024-13774) , Mar 08, 2025
New vulnerability
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History (CVE-2025-54041) , Jul 19, 2025
Chatbox Manager (CVE-2025-48167) , Jul 19, 2025
Zuppler Online Ordering (CVE-2025-6053) , Jul 19, 2025
Counter live visitors for WooCommerce (CVE-2025-7359) , Jul 19, 2025
AntiSpam for Contact Form 7 (CVE-2025-54020) , Jul 19, 2025