CVE ID :CVE-2026-4432 Published : April 10, 2026, 6 a.m. | 1 hour, 15 minutes ago Description :The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page, making it possible for unauthenticated attackers to rename any wishlist belonging to any user on the site. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...