diff --git a/routes/wishlist/index.js b/routes/wishlist/index.js
index fe6f4b0..5c6a1ff 100644
--- a/routes/wishlist/index.js
+++ b/routes/wishlist/index.js
@@ -161,13 +161,14 @@ module.exports = (db) => {
 })
 router.post('/:user/remove/:itemId', verifyAuth(), async (req, res) => {
- if (req.user._id !== req.params.user) {
- req.flash('error', _CC.lang('WISHLIST_REMOVE_GUARD'))
- return res.redirect(`/wishlist/${req.params.user}`)
- }
- const doc = await db.get(req.user._id)
+ const doc = await db.get(req.params.user)
 for (let i = 0; i < doc.wishlist.length; i++) {
 if (doc.wishlist[i].id === req.params.itemId) {
+ if (req.user._id !== req.params.user && doc.wishlist[i].addedBy !== req.user._id) {
+ req.flash('error', _CC.lang('WISHLIST_REMOVE_GUARD'))
+ return res.redirect(`/wishlist/${req.params.user}`)
+ }
+
 doc.wishlist.splice(i, 1)
 await db.put(doc)
 req.flash('success', _CC.lang('WISHLIST_REMOVE_SUCCESS'))
diff --git a/views/wishlist.pug b/views/wishlist.pug
index 23cdd63..67673d4 100644
--- a/views/wishlist.pug
+++ b/views/wishlist.pug
@@ -120,7 +120,7 @@ block content
 td(data-label='Delete Item')
 form.inline(
 method='POST',
- action=`${_CC.config.base}wishlist/${req.params.user}/${req.user._id === req.params.user ? 'remove' : 'unpledge'}/${item.id}`
+ action=`${_CC.config.base}wishlist/${req.params.user}/remove/${item.id}`
 )
 .field.inline
 .control.inline
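Review bot: `const doc = await db.get(req.params.user)` in the `/:user/remove/:itemId` handler now loads whichever document the URL names, and nothing in the hunk handles an id that does not exist or a document without a `wishlist` array. If `db.get` rejects for an unknown id (its behaviour is not visible here), the rejection escapes the async handler, and `doc.wishlist.length` throws on a document that has no list. I would guard before the loop, for example `if (!doc || !Array.isArray(doc.wishlist)) return res.redirect(`/wishlist/${req.params.user}`)`, with the `db.get` call wrapped in a try/catch that takes the same redirect. The new permission check also trusts `doc.wishlist[i].addedBy`, so it is worth confirming that the add route sets that field from `req.user._id` and never from request data. The handler's body continues outside the hunk.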
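Review bot: The form in `views/wishlist.pug` now always posts to `remove`, but the condition that decides whether this `td(data-label='Delete Item')` cell is rendered lies outside the hunk and is not touched by the commit. If that condition still shows the form to viewers who previously reached `unpledge`, meaning neither the list owner nor the item's `addedBy`, they get a delete button that always ends in `WISHLIST_REMOVE_GUARD`. Please confirm the surrounding condition matches the server-side rule (`req.user._id === req.params.user || item.addedBy === req.user._id`), and document it with a comment above the form such as `//- shown only to the list owner or the user who added the item`.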