Pickplugins Wishlist
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Pickplugins Wishlist.
By the Year
In 2026 there have been 0 vulnerabilities in Pickplugins Wishlist. Last year, in 2025 Wishlist had 4 security vulnerabilities published. Right now, Wishlist is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 4 | 7.45 |
It may take a day or so for new Wishlist vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Pickplugins Wishlist Security Vulnerabilities
PickPlugins Wishlist XSS via Reflected Input (<=1.0.39)
CVE-2025-24655
- April 17, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist wishlist allows Reflected XSS.This issue affects Wishlist: from n/a through <= 1.0.39.
XSS
SQLI in PickPlugins Wishlist (1.0.43+) via Improper Input Validation
CVE-2025-32618
8.5 - High
- April 11, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist wishlist allows SQL Injection.This issue affects Wishlist: from n/a through <= 1.0.46.
SQL Injection
Stored XSS via wishlist_button Shortcode in Wishlist Plugin <=1.0.43
CVE-2024-12809
6.4 - Medium
- March 07, 2025
The Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishlist_button' shortcode in all versions up to, and including, 1.0.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
SQLi in PickPlugins Wishlist <=1.0.41
CVE-2025-26915
- February 25, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist wishlist allows SQL Injection.This issue affects Wishlist: from n/a through <= 1.0.41.
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Pickplugins Wishlist or by Pickplugins? Click the Watch button to subscribe.
