Latest

Input validation vulnerability in WooCommerce Wishlist by MC + (Free Elementor & Email Marketing Automation) 1.5.4

Severity: medium-risk
Status: Open
Publication: April 10, 2023

The MC Woocommerce Wishlist plugin for WordPress can be vulnerable to Cross-Site Request Forgery in certain versions. This means that if a person can get another user to click on a link, they can make changes to the other user’s cart without authentication. This is due to problems with certain AJAX functions that should validate the user’s identity not working properly. Versions up to and including 1.5.4 are affected.

Detected in:

All-in-One Marketing: WooCommerce Wishlist, Low Stock & Back-in-Stock Waitlist, Save for Later, Bundle Builder, Email & More! fixed vulnerable versions:

MC WooCommerce Wishlist fixed vulnerable versions:

MoreConvert Wishlist for WooCommerce fixed vulnerable versions:

MoreConvert: WooCommerce Save for Later, Wishlist, Back-in-Stock, Price Change, Low Stock, On Sale Notifications, Email Automation, Next Order Coupons fixed vulnerable versions:

WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, Lightweight) fixed vulnerable versions:

WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) fixed vulnerable versions:

WooCommerce Wishlist for Website Designers (High customization, fast setup,Free Elementor Wishlist, most features) fixed vulnerable versions:

WooCommerce Wishlist, Back-in-Stock Waitlist,Save for Later, Email Marketing & More!(Free Elementor Wishlist) fixed vulnerable versions:

WooCommerce Wishlist, Low Stock & Back-in-Stock Waitlist, Save for Later, Bundle Builder, Email & So More!(All-in-One Marketing) fixed vulnerable versions:

WooCommerce Wishlist, Save for Later, Back-in-Stock, Price Change, Low Stock, On Sale Notifications, Email Marketing Automation fixed vulnerable versions:

WooCommerce Wishlist: Your Ultimate Marketing Tool fixed vulnerable versions:

Woocoommerce Wishlist for Website Designers (High customization, fast setup,Free Elementor Wishlist, most features) fixed vulnerable versions:

WooCommerce Wishlist by MC + (Free Elementor & Email Marketing Automation) open vulnerable versions: >= * <= 1.5.4

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Latest

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 Not Found errors detected on your homepage

Input validation vulnerability in WooCommerce Wishlist by MC + (Free Elementor & Email Marketing Automation) 1.5.4

Detected in:

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles

Latest

Passkeys: no need for Limit Login Attempts?

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 Not Found errors detected on your homepage

Input validation vulnerability in WooCommerce Wishlist by MC + (Free Elementor & Email Marketing Automation) 1.5.4

Detected in: