Premmerce Wishlist For Woocommerce vulnerabilities
4 known vulnerabilities affecting premmerce/premmerce_wishlist_for_woocommerce.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-4974P2MEDIUMCVSS 6.3Exploitedfixed in 1.1.82024-10-16
CVE-2022-4974 [MEDIUM] CWE-862 CVE-2022-4974: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cr
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme runni
nvd
CVE-2026-54849P2CRITICALCVSS 9.3≥ n/a, ≤ 1.1.112026-06-25
CVE-2026-54849 [CRITICAL] CWE-89 CVE-2026-54849: Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
nvd
CVE-2025-60191P3HIGHCVSS 7.5≤ 1.1.102025-11-06
CVE-2025-60191 [HIGH] CWE-98 CVE-2025-60191: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmerce Wishlist for WooCommerce: from n/a through <= 1.1.10.
nvd
CVE-2025-13440P4MEDIUMCVSS 5.3≤ 1.1.102025-12-12
CVE-2025-13440 [MEDIUM] CWE-862 CVE-2025-13440: The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnerable to Missing Authorization i
The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.10. This is due to a missing capability check on the deleteWishlist() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary wishlists.
nvd