{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4432", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2026-03-19T16:03:07.509Z", "datePublished": "2026-04-10T06:00:15.515Z", "dateUpdated": "2026-04-10T18:35:19.917Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-10T06:00:15.515Z"}, "title": "YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR", "problemTypes": [{"descriptions": [{"description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "YITH WooCommerce Wishlist", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "4.13.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page, making it possible for unauthenticated attackers to rename any wishlist belonging to any user on the site."}], "references": [{"url": "https://wpscan.com/vulnerability/2f052086-b691-48df-9b08-2cb1db65e14e/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Chiao-Lin Yu (Steven Meow)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T18:34:50.746341Z", "id": "CVE-2026-4432", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T18:35:19.917Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4432", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T18:34:50.746341Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T18:35:15.330Z"}}], "cna": {"title": "YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Chiao-Lin Yu (Steven Meow)"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "YITH WooCommerce Wishlist", "versions": [{"status": "affected", "version": "0", "lessThan": "4.13.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/2f052086-b691-48df-9b08-2cb1db65e14e/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page, making it possible for unauthenticated attackers to rename any wishlist belonging to any user on the site."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-10T06:00:15.515Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4432", "state": "PUBLISHED", "dateUpdated": "2026-04-10T18:35:19.917Z", "dateReserved": "2026-03-19T16:03:07.509Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2026-04-10T06:00:15.515Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page, making it possible for unauthenticated attackers to rename any wishlist belonging to any user on the site."}], "id": "CVE-2026-4432", "lastModified": "2026-04-10T19:16:26.943", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-10T07:16:21.237", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/2f052086-b691-48df-9b08-2cb1db65e14e/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.13.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "YITH WooCommerce Wishlist", "source": "cna", "vendor": "Unknown"}, "product": "yith_woocommerce_wishlist", "vendor": "yithemes"}], "analysis": {"en": {"generated_at": "2026-04-10T07:50:34.527348+00:00", "value": {"mitigation_remediation": ["Update YITH WooCommerce Wishlist to version 4.13.0 or later", "Verify that any previously named wishlists have not been altered unexpectedly", "Monitor user wishlist changes for unexpected activity"], "summary": {"action": "Patch Now", "impact": "Unauthenticated IDOR allowing wishlist renaming"}, "threat_synthesis": {"affected_systems": "Any WordPress site that has the YITH WooCommerce Wishlist plugin installed and running a version earlier than 4.13.0 is affected. The vulnerability resides in the plugin itself and does not depend on specific versions of WordPress core or other plugins, so the impact applies to all installations of the affected plugin release.", "description_and_impact": "The YITH WooCommerce Wishlist plugin for WordPress contains a flaw that allows an attacker to rename any user's wishlist without authentication. The AJAX endpoint save_title validates only a nonce that is embedded in the page source of the public /wishlist/ page, so an unauthenticated user can obtain the nonce, send a request, and change the title of any wishlist. This compromises data integrity, can mislead users, and facilitates social engineering or brand confusion. The weakness is an Insecure Direct Object Reference.", "risk_and_exploitability": "Because no authentication is required and the required nonce is publicly retrievable, the attack path is straightforward. While no CVSS score is provided in the CVE data, the inherent privilege escalation and potential for user confusion suggest high impact. The EPSS score is unavailable and the vulnerability is not listed in CISA\u2019s KEV catalog; however the lack of mitigation and clear exploitation steps increase the likelihood that servers will be targeted once the exploit is discovered."}}}}, "created": "2026-04-10T08:35:35.190903+00:00", "updated": "2026-04-10T09:26:36.606214+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "yithemes", "yithemes$PRODUCT$yith_woocommerce_wishlist"], "weaknesses": ["CWE-639", "CWE-284"]}