CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30879 – WordPress MC Woocommerce Wishlist plugin <= 1.8.9 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-30879
27 Mar 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in moreconvert MC Woocommerce Wishlist allows SQL Injection. This issue affects MC Woocommerce Wishlist: from n/a through 1.8.9. The MC Woocommerce Wishlist plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated a... • https://patchstack.com/database/wordpress/plugin/smart-wishlist-for-more-convert/vulnerability/wordpress-mc-woocommerce-wishlist-plugin-1-8-9-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26915 – WordPress Wishlist Plugin <= 1.0.41 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-26915
23 Feb 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.41. The Wishlist plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and... • https://patchstack.com/database/wordpress/plugin/wishlist/vulnerability/wordpress-wishlist-plugin-1-0-41-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24657 – WordPress Wishlist for WooCommerce plugin <=2.1.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24657
24 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee Wishlist for WooCommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through 2.1.2. The Wishlist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and abov... • https://patchstack.com/database/wordpress/plugin/wt-woocommerce-wishlist/vulnerability/wordpress-wishlist-for-woocommerce-plugin-2-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22505 – WordPress NC Wishlist for Woocommerce Plugin <= 1.0.1 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-22505
07 Jan 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabaraj Chapagain NC Wishlist for Woocommerce allows SQL Injection.This issue affects NC Wishlist for Woocommerce: from n/a through 1.0.1. The NC Wishlist for Woocommerce plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo... • https://patchstack.com/database/wordpress/plugin/nc-wishlist-for-woocommerce/vulnerability/wordpress-nc-wishlist-for-woocommerce-plugin-1-0-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 71%CPEs: 1EXPL: 1CVE-2024-43917 – WordPress TI WooCommerce Wishlist plugin <= 2.8.2 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-43917
22 Aug 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2. The TI WooCommerce Wishlist plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthe... • https://github.com/p33d/CVE-2024-43917 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37106 – WordPress WishList Member X plugin < 3.26.7 - Unautenticated Plugin Settings Change Leading to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-37106
20 Jun 2024 — Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WishList Member X: from n/a through 3.26.6 The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the a function in all versions up to, and including, 3.25.1. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scri... • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-unautenticated-plugin-settings-change-leading-to-stored-xss-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37108 – WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-37108
20 Jun 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WishList Products WishList Member X allows Path Traversal.This issue affects WishList Member X: from n/a through 3.26.6. The Wishlist Member plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 3.25.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the s... • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37107 – WordPress WishList Member X plugin < 3.26.7 - Authenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-37107
20 Jun 2024 — Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a before 3.26.7. Vulnerabilidad de gestión de privilegios inadecuada en el software de membresía WishList Member X permite la escalada de privilegios. Este problema afecta a WishList Member X: desde n/a hasta 3.25.1. The Wishlist Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.25.1. This makes i... • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37109 – WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary PHP Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-37109
20 Jun 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a before 3.26.7. Vulnerabilidad de control inadecuado de la generación de código ("inyección de código") en el software de membresía WishList Member X permite la inyección de código. Este problema afecta a WishList Member X: desde n/a hasta 3.25.1. The Wishlist Member plugin for WordPress is vulnerable to Remote Code Execution in ... • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-arbitrary-php-code-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37111 – WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Denial of Service Attack vulnerability
https://notcve.org/view.php?id=CVE-2024-37111
20 Jun 2024 — Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. Vulnerabilidad de autorización faltante en el software de membresía WishList Member X. Este problema afecta a WishList Member X: desde n/a hasta 3.25.1. The Wishlist Member plugin for WordPress is vulnerable to denial of service in all versions up to, and including, 3.25.1. This makes it possible for unauthenticated attackers to limit access to a site. • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-unauthenticated-denial-of-service-attack-vulnerability?_s_id=cve • CWE-400: Uncontrolled Resource Consumption CWE-862: Missing Authorization •