YITH WooCommerce Wishlist

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   YITH WooCommerce Wishlist

Information

Software Type Plugin
Software Slug yith-woocommerce-wishlist (view on wordpress.org)
Software Status Active
Software Author yithemes
Software Website yithemes.com
Software Downloads 31,437,803
Software Active Installs 400,000
Software Record Last Updated June 18, 2026

10 Vulnerabilities

Submit a Vulnerability
YITH WooCommerce Wishlist <= 4.12.0 - Unauthenticated Insecure Direct Object Reference
5.3
CVE-2026-27329
May 7, 2026
Researcher: PPzzAArr
YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Insecure Direct Object Reference to Wishlist Rename
5.3
CVE-2026-4432
Mar 20, 2026
Researcher: Chiao-Lin Yu (Steven Meow)
YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion
5.3
CVE-2025-12777
Nov 18, 2025
Researcher: Athiwat Tiprasaharn (Jitlada)
YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename
5.3
CVE-2025-12427
Nov 18, 2025
Researcher: Athiwat Tiprasaharn (Jitlada)
YITH WooCommerce Wishlist <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
6.4
CVE-2025-5238
Jun 13, 2025
Researcher: Asaf Mozes
YITH WooCommerce Wishlist <= 3.32.0 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-34385
May 30, 2024
Researcher: SavPhill (Savphill)
YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization
7.1
CVE ID Unknown
Nov 11, 2022
Researchers:
YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery
4.3
CVE-2022-44630
Nov 11, 2022
Researcher: István Márton
YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change
4.3
CVE-2019-16251
Oct 31, 2019
Researcher: Jerome Bruandet
YITH WooCommerce Wishlist <= 2.1.2 - SQL Injection
6.1
CVE ID Unknown
Jan 16, 2018
Researcher: John Castro
Title Status CVE ID CVSS Researchers Date
YITH WooCommerce Wishlist <= 4.12.0 - Unauthenticated Insecure Direct Object Reference Patched CVE-2026-27329 5.3 PPzzAArr May 7, 2026
YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Insecure Direct Object Reference to Wishlist Rename Patched CVE-2026-4432 5.3 Chiao-Lin Yu (Steven Meow) March 20, 2026
YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion Patched CVE-2025-12777 5.3 Athiwat Tiprasaharn (Jitlada) November 18, 2025
YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename Patched CVE-2025-12427 5.3 Athiwat Tiprasaharn (Jitlada) November 18, 2025
YITH WooCommerce Wishlist <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Patched CVE-2025-5238 6.4 Asaf Mozes June 13, 2025
YITH WooCommerce Wishlist <= 3.32.0 - Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2024-34385 4.4 SavPhill (Savphill) May 30, 2024
YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization Patched 7.1 November 11, 2022
YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery Patched CVE-2022-44630 4.3 István Márton November 11, 2022
YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change Patched CVE-2019-16251 4.3 Jerome Bruandet October 31, 2019
YITH WooCommerce Wishlist <= 2.1.2 - SQL Injection Patched 6.1 John Castro January 16, 2018

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation