CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37112 – WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Arbitrary SQL Query Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-37112
20 Jun 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Membership Software WishList Member X. Este problema afecta a WishList Member X: desde n/a antes de 3.26.7. The WishList Member X plugin for WordPress is vulnerable SQL Injection in versions ... • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-unauthenticated-arbitrary-sql-query-execution-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37110 – WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Settings & Users Data Dump vulnerability
https://notcve.org/view.php?id=CVE-2024-37110
20 Jun 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en el software de membresía WishList Member X. Este problema afecta a WishList Member X: desde n/a antes del 3.26.7. The Wishlist Member plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a function in... • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-unauthenticated-settings-users-data-dump-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-37113 – WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Database Backup Download vulnerability
https://notcve.org/view.php?id=CVE-2024-37113
20 Jun 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en el software de membresía WishList Member X. Este problema afecta a WishList Member X: desde n/a antes del 3.26.7. The Wishlist Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.1 du... • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-unauthenticated-database-backup-download-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34385 – WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34385
30 May 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS.This issue affects YITH WooCommerce Wishlist: from n/a through 3.32.0. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en YITH YITH WooCommerce Wishlist permite XSS almacenado. Este problema afecta a YITH WooCommerce Wishlist: desde n/a hasta 3.32.0. The YITH WooCommerce W... • https://patchstack.com/database/vulnerability/yith-woocommerce-wishlist/wordpress-yith-woocommerce-wishlist-plugin-3-32-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34813 – WordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-34813
09 May 2024 — Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.8. Vulnerabilidad de autorización faltante en MoreConvert MC Woocommerce Wishlist. Este problema afecta a MC Woocommerce Wishlist: desde n/a hasta 1.7.8. The MC Woocommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_item() function in versions up to, and including, 1.7.8. This makes it... • https://patchstack.com/database/vulnerability/smart-wishlist-for-more-convert/wordpress-woocommerce-wishlist-plugin-1-7-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34819 – WordPress MC Woocommerce Wishlist plugin <= 1.7.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-34819
09 May 2024 — Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.2. Vulnerabilidad de autorización faltante en MoreConvert MC Woocommerce Wishlist. Este problema afecta a MC Woocommerce Wishlist: desde n/a hasta 1.7.2. The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions... • https://patchstack.com/database/vulnerability/smart-wishlist-for-more-convert/wordpress-mc-woocommerce-wishlist-plugin-1-7-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-3354
https://notcve.org/view.php?id=CVE-2015-3354
21 Apr 2015 — Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via unspecified vectors. Vulnerabilidad de CSRF en el módulo Wishlist anterior a 6.x-2.7 y 7.x-2.x anterior a 7.x-2.7 para Drupal permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que eliminan las intenciones de com... • http://www.openwall.com/lists/oss-security/2015/01/29/6 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2015-3357
https://notcve.org/view.php?id=CVE-2015-3357
21 Apr 2015 — Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message. Vulnerabilidad de XSS en el módulo Wishlist anterior a 6.x-2.7 y 7.x-2.x anterior a 7.x-2.7 para Drupal permite a usuarios remotos autenticados con el permiso 'acceder a las listas de compra' inyectar secuenci... • http://www.openwall.com/lists/oss-security/2015/01/29/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •