← Back

Woocommerce Wishlist

woocommerce_wishlist

Vendor: Moreconvert • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-13694
1Moreconvert
1Woocommerce Wishlist
Feb 4, 2025
Jan 30, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the...Show more
The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the download_pdf_file() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to extract data from wishlists that they should not have access to.Show less
CVE-2024-34819
1Moreconvert
1Woocommerce Wishlist
Apr 23, 2026
Jun 11, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Missing Authorization vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert.This issue affects MC Woocommerce Wishlist: from n/a through <= 1.7.2.