PT-2025-48239 · Automattic+1 · Woocommerce+1
Athiwat Tiprasaharn
+2
·
Publicado
2025-11-27
·
Atualizado
2025-11-27
·
CVE-2025-13157
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
QODE Wishlist for WooCommerce plugin versions prior to 1.2.8
Description
The QODE Wishlist for WooCommerce plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This flaw stems from a lack of validation on a user-controlled key within the
qode wishlist for woocommerce wishlist table item callback function. This allows unauthenticated attackers to modify the public view of any wishlist.Recommendations
Update the QODE Wishlist for WooCommerce plugin to version 1.2.8 or later.
Correção
IDOR
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Qode Wishlist For Woocommerce
Woocommerce