PT-2025-46249 · WordPress · Wisly
Itthidej Aramsri · Published 2025-11-11 · Updated 2025-11-11 · CVE-2025-11532
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Wisly plugin for WordPress versions prior to 1.0.1
Description
The Wisly plugin for WordPress is susceptible to an Insecure Direct Object Reference issue in versions up to and including 1.0.0. This is due to a lack of validation on the wishlist id user-controlled key. This allows unauthenticated attackers to manipulate wishlists belonging to other users, specifically adding and removing items.
Recommendations
Update the Wisly plugin to version 1.0.1 or later.
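For sites that maintain their own wishlist-style handlers, the following added example (a constructed model of the bug class, not Wisly's code or its patch) shows the missing check next to a hardened form. The function names, the `wishlist_id` and `product_id` request keys, and the in-memory store are all hypothetical, and it assumes every wishlist has exactly one owning user account.

```php
<?php
// Constructed model of the IDOR class described above; not Wisly's code.
// All function names, request keys and data are hypothetical.
declare(strict_types=1);

// In-memory stand-in for the wishlist table: id => owner and items.
$wishlists = [
    101 => ['owner' => 7, 'items' => [55]],
    102 => ['owner' => 9, 'items' => []],
];

// Weak pattern: the id supplied in the request is the only lookup key,
// so the caller's identity never enters the decision.
function add_item_unchecked(array &$store, array $request): bool
{
    $id = (int) ($request['wishlist_id'] ?? 0);
    if (!isset($store[$id])) {
        return false;
    }
    $store[$id]['items'][] = (int) ($request['product_id'] ?? 0);
    return true;
}

// Hardened pattern: require an authenticated caller, then compare the
// stored owner with the server-side identity before writing anything.
function add_item_checked(array &$store, array $request, ?int $currentUserId): bool
{
    if ($currentUserId === null) {
        return false; // no session: reject before touching the store
    }
    $id = (int) ($request['wishlist_id'] ?? 0);
    if (!isset($store[$id]) || $store[$id]['owner'] !== $currentUserId) {
        return false; // unknown id and foreign id get the same answer
    }
    $store[$id]['items'][] = (int) ($request['product_id'] ?? 0);
    return true;
}

// Constructed request that references wishlist 101, owned by user 7.
$request = ['wishlist_id' => '101', 'product_id' => '77'];

var_dump(add_item_unchecked($wishlists, $request));     // caller identity ignored
var_dump(add_item_checked($wishlists, $request, null)); // unauthenticated caller
var_dump(add_item_checked($wishlists, $request, 9));    // authenticated, not the owner
var_dump(add_item_checked($wishlists, $request, 7));    // the owner
```

The same ownership comparison belongs on every handler that takes the id, including item removal.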
Fix
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Wisly