CVE-2026-4432 | YITH WooCommerce Wishlist Plugin up to 4.12.x on WordPress AJAX /wishlist/ save_title authorization

Inserito da Angelo Barbosa | Apr 10, 2026 | CVE

A vulnerability was found in YITH WooCommerce Wishlist Plugin up to 4.12.x on WordPress. It has been rated as critical. Affected by this issue is the function save_title of the file /wishlist/ of the component AJAX Handler. This manipulation causes missing authorization.

This vulnerability is tracked as CVE-2026-4432. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.

CVE-2026-4432 | YITH WooCommerce Wishlist Plugin up to 4.12.x on WordPress AJAX /wishlist/ save_title authorization

Post correlati

CVE-2024-7855 | WP Hotel Booking Plugin up to 2.1.2 on WordPress unrestricted upload

CVE-2023-49347 | budgie-wpreviews 2.1 temp file

CVE-2025-11407 | D-Link DI-7001 MINI 24.04.18B1 /upgrade_filter.asp path os command injection

CVE-2020-26629 | Hospital Management System 4.0 JQuery unrestricted upload (ID 176302)