PT-2025-41649 · WordPress · Wpc Smart Wishlist For Woocommerce
Athiwat Tiprasaharn
+1
·
Published
2025-10-11
·
Updated
2025-10-11
·
CVE-2025-11518
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WPC Smart Wishlist for WooCommerce plugin for WordPress versions up to and including 5.0.3
Description
The software is susceptible to an Insecure Direct Object Reference issue in several wishlist AJAX functions. This is due to a lack of validation on a user-controlled key that is exposed when wishlists are shared. This allows unauthenticated attackers to manipulate other users' wishlists, including adding items and emptying them, if they have access to the key.
Recommendations
Update the WPC Smart Wishlist for WooCommerce plugin to a version later than 5.0.3.
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wpc Smart Wishlist For Woocommerce