{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4432", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2026-03-19T16:03:07.509Z", "datePublished": "2026-04-10T06:00:15.515Z", "dateUpdated": "2026-04-10T18:35:19.917Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-10T06:00:15.515Z"}, "title": "YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR", "problemTypes": [{"descriptions": [{"description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "YITH WooCommerce Wishlist", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "4.13.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page, making it possible for unauthenticated attackers to rename any wishlist belonging to any user on the site."}], "references": [{"url": "https://wpscan.com/vulnerability/2f052086-b691-48df-9b08-2cb1db65e14e/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Chiao-Lin Yu (Steven Meow)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T18:34:50.746341Z", "id": "CVE-2026-4432", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T18:35:19.917Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4432", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T18:34:50.746341Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T18:35:15.330Z"}}], "cna": {"title": "YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Chiao-Lin Yu (Steven Meow)"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "YITH WooCommerce Wishlist", "versions": [{"status": "affected", "version": "0", "lessThan": "4.13.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/2f052086-b691-48df-9b08-2cb1db65e14e/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page, making it possible for unauthenticated attackers to rename any wishlist belonging to any user on the site."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-10T06:00:15.515Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4432", "state": "PUBLISHED", "dateUpdated": "2026-04-10T18:35:19.917Z", "dateReserved": "2026-03-19T16:03:07.509Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2026-04-10T06:00:15.515Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page, making it possible for unauthenticated attackers to rename any wishlist belonging to any user on the site."}], "id": "CVE-2026-4432", "lastModified": "2026-04-15T15:05:47.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-10T07:16:21.237", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/2f052086-b691-48df-9b08-2cb1db65e14e/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Deferred"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.13.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "YITH WooCommerce Wishlist", "source": "cna", "vendor": "Unknown"}, "product": "yith_woocommerce_wishlist", "vendor": "yithemes"}], "analysis": {"en": {"generated_at": "2026-04-13T15:57:50.474140+00:00", "value": {"mitigation_remediation": ["Update YITH WooCommerce Wishlist to version 4.13.0 or later.", "If an update is unavailable, temporarily disable or restrict the AJAX endpoint that handles wishlist renaming until a patch can be applied.", "Monitor the site for unexpected wishlist name changes and review access logs for anomalous activity."], "summary": {"action": "Patch Immediately", "impact": "Unauthorized modification of user wishlists"}, "threat_synthesis": {"affected_systems": "Any WordPress site that installs the YITH WooCommerce Wishlist plugin prior to version 4.13.0 is affected. The plugin, developed by YITH, is commonly used for e\u2011commerce wishlists. No further version details are supplied; therefore, all releases before 4.13.0 should be considered vulnerable.", "description_and_impact": "The YITH WooCommerce Wishlist plugin allows an attacker to rename any user's wishlist. The vulnerability stems from inadequate validation of wishlist ownership in the save_title() AJAX handler. Only a nonce is checked, and the nonce is publicly exposed on the /wishlist/ page, enabling unauthenticated users to craft a request that changes a wishlist title. The primary impact is the alteration of user data\u2014wishlist names\u2014without consent, affecting the integrity and confidentiality of the wishlist information.", "risk_and_exploitability": "The CVSS score of 6.5 designates medium severity, primarily because the flaw is exploitable without authentication. The EPSS score of less than 1% indicates low probability of widespread exploitation, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is simple: an unauthenticated attacker accesses the /wishlist/ page, obtains the public nonce, and sends a crafted AJAX request to rename any wishlist. The impact is limited to the integrity of user wishlists and could obscure user intent or mislead other site visitors. The vulnerability does not grant system compromise or data exfiltration."}}}}, "created": "2026-04-10T08:35:35.190903+00:00", "updated": "2026-04-14T16:36:36.560489+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "yithemes", "yithemes$PRODUCT$yith_woocommerce_wishlist"], "weaknesses": ["CWE-639", "CWE-284"]}