Wpc Smart Wishlist For Woocommerce
Approved changes feed: RSS · Atom
cpe:2.3:a:wpclever:wpc_smart_wishlist_for_woocommerce:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Wpclever (c57d919d-58d9-59c4-b847-aa59b14dc3fa) |
|---|---|
| Product | Wpc Smart Wishlist For Woocommerce (4483f289-289d-5dee-b16e-99cc67c4ac87) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-32407 |
vulnerable | 2026-06-03 15:20:42.969255 |
WordPress WPC Smart Wishlist for WooCommerce plugin <= 5.0.8 - Broken Access Control vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8.
Published: 2026-03-13T11:42:13.638Z
Updated: 2026-04-29T09:51:58.963Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11742 |
vulnerable | 2026-06-03 14:58:42.986609 |
WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure
MEDIUM (4.3)
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlist_quickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user's wishlist data and information.
Published: 2025-10-18T05:41:56.648Z
Updated: 2026-04-08T16:56:40.379Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11518 |
vulnerable | 2026-06-03 14:58:42.544669 |
WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation
MEDIUM (5.3)
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via several wishlist AJAX functions due to missing validation on a user controlled key that is exposed when wishlists are shared. This makes it possible for unauthenticated attackers to empty and add to other user's wishlists, if they have access to the key.
Published: 2025-10-11T08:29:16.871Z
Updated: 2026-04-08T17:15:42.132Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34386 |
vulnerable | 2026-06-03 14:52:16.615954 |
WordPress WPC Smart Wishlist for WooCommerce Plugin <= 4.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin <= 4.7.1 versions.
Published: 2023-11-09T18:00:48.045Z
Updated: 2026-04-28T16:08:29.139Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.