cpe:2.3:a:pickplugins:wishlist:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Pickplugins (03c448d6-40a7-5ce8-8d7e-bbbe6a0aa644) |
|---|---|
| Product | Wishlist (dca29646-b42c-5f2d-81be-02da8e4c1077) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-49075 | vulnerable | 2026-06-03 15:01:44.060080 | WordPress Wishlist plugin <= 1.0.43 - Cross Site Scripting (XSS) vulnerability<br>MEDIUM (6.5)<br>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist wishlist allows Stored XSS. This issue affects Wishlist: from n/a through <= 1.0.43.<br>Published: 2025-06-06T11:35:32.895Z<br>Updated: 2026-04-28T16:12:58.574Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-32618 | vulnerable | 2026-06-03 15:00:41.515797 | WordPress Wishlist plugin <= 1.0.46 - SQL Injection vulnerability<br>HIGH (8.5)<br>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist wishlist allows SQL Injection. This issue affects Wishlist: from n/a through <= 1.0.46.<br>Published: 2025-04-11T08:42:59.944Z<br>Updated: 2026-05-12T00:06:37.302Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-32272 | vulnerable | 2026-06-03 15:00:40.385812 | WordPress Wishlist plugin <= 1.0.46 - Cross Site Request Forgery (CSRF) vulnerability<br>MEDIUM (4.3)<br>Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Wishlist wishlist allows Cross Site Request Forgery. This issue affects Wishlist: from n/a through <= 1.0.46.<br>Published: 2025-04-04T15:59:45.434Z<br>Updated: 2026-04-28T16:12:20.372Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-26915 | vulnerable | 2026-06-03 15:00:08.713308 | WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability<br>HIGH (8.5)<br>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist wishlist allows SQL Injection. This issue affects Wishlist: from n/a through <= 1.0.41.<br>Published: 2025-02-25T14:17:54.129Z<br>Updated: 2026-04-28T16:11:43.822Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-24655 | vulnerable | 2026-06-03 14:59:56.547863 | WordPress Wishlist Plugin <= 1.0.39 - Reflected Cross Site Scripting (XSS) vulnerability<br>HIGH (7.1)<br>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through <= 1.0.39.<br>Published: 2025-04-17T15:48:13.833Z<br>Updated: 2026-04-28T16:11:31.279Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-12809 | vulnerable | 2026-06-03 14:54:23.208312 | Wishlist <= 1.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting<br>MEDIUM (6.4)<br>The Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishlist_button' shortcode in all versions up to, and including, 1.0.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.<br>Published: 2025-03-07T06:40:03.042Z<br>Updated: 2026-04-08T16:38:16.774Z | Imported from gcve-enriched-dumps CVE data |