{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32407", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:11:14.586Z", "datePublished": "2026-03-13T11:42:13.638Z", "dateUpdated": "2026-04-29T09:51:58.963Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woo-smart-wishlist", "product": "WPC Smart Wishlist for WooCommerce", "vendor": "WPClever", "versions": [{"changes": [{"at": "5.0.9", "status": "unaffected"}], "lessThanOrEqual": "5.0.8", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Yash Vardhan Tripathi | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:57.350Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8.</p>"}], "value": "Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:58.963Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/woo-smart-wishlist/vulnerability/wordpress-wpc-smart-wishlist-for-woocommerce-plugin-5-0-8-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress WPC Smart Wishlist for WooCommerce plugin <= 5.0.8 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T18:55:00.505606Z", "id": "CVE-2026-32407", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:55:19.154Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32407", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T18:55:00.505606Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T18:55:16.236Z"}}], "cna": {"title": "WordPress WPC Smart Wishlist for WooCommerce plugin <= 5.0.8 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Yash Vardhan Tripathi | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WPClever", "product": "WPC Smart Wishlist for WooCommerce", "versions": [{"status": "affected", "changes": [{"at": "5.0.9", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "5.0.8"}], "packageName": "woo-smart-wishlist", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:05:57.350Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/woo-smart-wishlist/vulnerability/wordpress-wpc-smart-wishlist-for-woocommerce-plugin-5-0-8-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:58.963Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32407", "state": "PUBLISHED", "dateUpdated": "2026-04-29T09:51:58.963Z", "dateReserved": "2026-03-12T11:11:14.586Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:42:13.638Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en WPClever WPC Smart Wishlist para WooCommerce woo-smart-wishlist permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WPC Smart Wishlist para WooCommerce: desde n/a hasta &lt;= 5.0.8."}], "id": "CVE-2026-32407", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:57.210", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/woo-smart-wishlist/vulnerability/wordpress-wpc-smart-wishlist-for-woocommerce-plugin-5-0-8-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.0.8]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "WPC Smart Wishlist for WooCommerce", "source": "cna", "vendor": "WPClever"}, "product": "wpc_smart_wishlist_for_woocommerce", "vendor": "wpclever"}], "analysis": {"en": {"generated_at": "2026-03-19T15:22:59.409718+00:00", "value": {"mitigation_remediation": ["Apply the latest plugin update that addresses the access control issue.", "If an update is not yet available, disable or remove the plugin until a fix is released.", "Verify that no users have exposed wishlist content by reviewing plugin role assignments and access permissions.", "Monitor the plugin for any future security advisories or updates."], "summary": {"action": "Patch", "impact": "Unauthorized Access"}, "threat_synthesis": {"affected_systems": "The affected vendor is WPClever and the product is the WPC Smart Wishlist for WooCommerce plugin. All releases through version 5.0.8 are impacted, including earlier unversioned or legacy releases. No higher version is specified as affected.", "description_and_impact": "The vulnerability is a Missing Authorization issue in the WordPress WPC Smart Wishlist for WooCommerce plugin allowing an attacker to bypass the plugin's access control and access wishlist functionality or data that should be protected. This enforcement weakness is classified as CWE\u2011862 and can potentially expose confidential wishlist information or alter wishlist state. The brief description indicates a simple access control bypass rather than external code execution or DoS.", "risk_and_exploitability": "The CVSS v3.1 score is 4.3, indicating a Moderate severity. The EPSS score is below 1%, implying a low likelihood of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Because the issue is a Missing Authorization flaw, the likely attack vector is client\u2011side interaction with the plugin's endpoints or administrative console, and no elevated privileges are required. An attacker exploiting this flaw could read or modify wishlist data without authentication."}}}}, "created": "2026-03-16T09:34:05.430851+00:00", "updated": "2026-03-23T12:03:55.531808+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wpclever", "wpclever$PRODUCT$wpc_smart_wishlist_for_woocommerce"]}