2022-03-28 17:22:48
WPScan
PUBLISHED
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX actions response (available to any authenticated user), leading to a Reflected Cross-Site Scripting