Skip to main content

Mc Woocommerce Wishlist

1 CVEs product

Monthly

CVE-2026-57356 HIGH This Week

Reflected/stored cross-site scripting in the MC WooCommerce Wishlist WordPress plugin (also distributed as 'Smart Wishlist for MoreConvert') affects all versions up to and including 1.9.19, letting remote unauthenticated attackers inject malicious script that executes in a victim's browser after the victim interacts with a crafted link or request. The scope-changed CVSS 3.1 score of 7.1 reflects that injected script runs in the WordPress site's origin, enabling session/cookie theft or actions against other users. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

WordPress XSS Mc Woocommerce Wishlist
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected/stored cross-site scripting in the MC WooCommerce Wishlist WordPress plugin (also distributed as 'Smart Wishlist for MoreConvert') affects all versions up to and including 1.9.19, letting remote unauthenticated attackers inject malicious script that executes in a victim's browser after the victim interacts with a crafted link or request. The scope-changed CVSS 3.1 score of 7.1 reflects that injected script runs in the WordPress site's origin, enabling session/cookie theft or actions against other users. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

WordPress XSS Mc Woocommerce Wishlist
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy