CVE-2026-4432 | YITH WooCommerce Wishlist Plugin up to 4.12.x on WordPress AJAX /wishlist/ save_title authorization

Inserito da Angelo Barbosa | Apr 10, 2026 | CVE

A vulnerability was found in YITH WooCommerce Wishlist Plugin up to 4.12.x on WordPress. It has been rated as critical. Affected by this issue is the function save_title of the file /wishlist/ of the component AJAX Handler. This manipulation causes missing authorization.

This vulnerability is tracked as CVE-2026-4432. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.

CVE-2026-4432 | YITH WooCommerce Wishlist Plugin up to 4.12.x on WordPress AJAX /wishlist/ save_title authorization

Post correlati

CVE-2025-31698 | Apache Traffic Server up to 9.2.10/10.0.5 Proxy Protocol access control

CVE-2025-15108 | PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 JWT Secret config.yml key hard-coded key

CVE-2024-42360 | wurmlab sequenceserver up to 3.1.1 HTTP Endpoint command injection (GHSA-qv32-5wm2-p32h)

CVE-2024-40515 | Tenda AX2pro 16.03.29.48_cn Routing Privilege Escalation