WordPress Plugin Vulnerabilities

MC Woocommerce Wishlist < 1.7.3 - Missing Authorization

Description

The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
smart-wishlist-for-more-convert
Fixed in 1.7.3

References

CVE
CVE-2024-34819
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/413d1e3d-373f-4275-a8f8-910c33a32f4f

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dhabaleshwar Das
Verified
No
WPVDB ID
30fda33b-caec-4024-95a6-b8693ede2ab9

Timeline

Publicly Published
2024-05-09 (about 2 years ago)
Added
2024-05-15 (about 1 year ago)
Last Updated
2024-05-15 (about 1 year ago)

Other

Published
Title
Published
2026-03-17
Title
avalex – Automatisch sichere Rechtstexte < 3.1.4 - Missing Authorization
Published
2026-01-09
Title
Proxy & VPN Blocker < 3.5.4 - Missing Authorization
Published
2024-03-04
Title
Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing
Published
2024-11-20
Title
My Contador lesr < 2.1 - Missing Authorization to Unauthenticated User Registration CSV Export
Published
2024-12-02
Title
Tutor LMS Elementor Addons < 2.1.6 - Missing Authorization