spree_wishlist
WishlistsController has no access control. Allows public editing of everything.
That's right, anonymous users can edit and delete other people's wishlists, just by having the right URL. No permission checks are performed.
I am also facing the same issue. Getting an error when I am trying to delete a product from the wishlist. Please resolve this ASAP.
Thank you in advance.
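An added example, not code from spree_wishlist or from the posters above: a plain-Ruby model of the missing permission check described in the report at the top of this thread, with the unchecked delete beside an owner-only update and delete. The class, method and token names and the sample data are assumptions made for illustration.

```ruby
# Plain-Ruby model of an ownership check for wishlist edit/delete.
# All names here are hypothetical; this is not spree_wishlist's code.
class AccessDenied < StandardError; end
class NotFound < StandardError; end

Wishlist = Struct.new(:token, :user_id, :name)

class WishlistsHandler
  def initialize(store)
    @store = store # token => Wishlist; constructed sample data
  end

  # Behaviour described in the report: the URL token alone selects the
  # record, and the caller's identity is never consulted.
  def destroy_unchecked(token, _current_user_id)
    @store.delete(token) or raise NotFound
  end

  # Hardened form: every state-changing action resolves the record
  # through find_owned, so the check cannot be skipped per action.
  def update(token, current_user_id, name)
    wishlist = find_owned(token, current_user_id)
    wishlist.name = name
    wishlist
  end

  def destroy(token, current_user_id)
    wishlist = find_owned(token, current_user_id)
    @store.delete(wishlist.token)
  end

  private

  # Anonymous callers (nil id) never match, even if a record has no owner.
  def find_owned(token, current_user_id)
    wishlist = @store[token] or raise NotFound
    unless !current_user_id.nil? && wishlist.user_id == current_user_id
      raise AccessDenied
    end
    wishlist
  end
end

# Constructed sample data: two wishlists owned by user ids 1 and 2.
def sample_store
  { "tok-a" => Wishlist.new("tok-a", 1, "Alice's list"),
    "tok-b" => Wishlist.new("tok-b", 2, "Bob's list") }
end
```

In a Rails controller the same idea is usually a `before_action` on the edit, update and destroy actions, or a lookup scoped to the signed-in user's own records.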