YITH WooCommerce Wishlist

Vulnerabilities 14Slug yith-woocommerce-wishlistLatest version 4.14.0WordPress.org →

Minimum safe version

4.13.0

Update to 4.13.0 or later to address 13 fixable vulnerabilities

Latest available4.14.0 ⚠ 1 vulnerability has no fix
Medium 5.3
2026-05-07< 4.13.0

CVE-2026-27329

CVE
N/A Unfixed
≤ 4.10.0

YITH WooCommerce Wishlist &lt;= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename

Wordfence
N/A
2026-03-20< 4.13.0

YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Insecure Direct Object Reference to Wishlist Rename

WordfenceCVE
Medium 6.4
2025-06-17< 4.6.0

WordPress YITH WooCommerce Wishlist Plugin <= 4.5.0 is vulnerable to Cross Site Scripting (XSS)

PatchstackWordfenceCVE
N/A
2018-01-16< 2.2.0

YITH WooCommerce Wishlist <= 2.1.2 - SQL Injection

Wordfence
N/A
2022-11-11< 3.15.0

YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery

WordfenceCVEWPScan
N/A
2022-11-11< 3.15.0

YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization

Wordfence
N/A
< 3.15.0

WordPress YITH WooCommerce Wishlist Plugin <= 3.14.0 is vulnerable to Cross Site Request Forgery (CSRF)

Patchstack
N/A
< 2.2.0

YITH WooCommerce Wishlist &lt;= 2.1.2 - Authenticated SQL Injection

WPScan
N/A
2018-01-17< 2.2.0

WordPress YITH WooCommerce Wishlist plugin <=2.1.2 - Authenticated SQL Injection (SQLi) vulnerability

Patchstack