Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Wpclever Subscribe
Filtered by product Wpc Smart Wishlist For Woocommerce
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1465 1 Wpclever 1 Wpc Smart Wishlist For Woocommerce 2022-05-24 4.3 MEDIUM 6.1 MEDIUM
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue.
CVE-2022-0397 1 Wpclever 1 Wpc Smart Wishlist For Woocommerce 2022-04-04 3.5 LOW 5.4 MEDIUM
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (available to any authenticated user), leading to a Reflected Cross-Site Scripting