PT-2025-48239 · Automattic+1 · Woocommerce+1
Athiwat Tiprasaharn
+2
·
Published
2025-11-27
·
Updated
2025-11-27
·
CVE-2025-13157
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
QODE Wishlist for WooCommerce plugin versions prior to 1.2.8
Description
The QODE Wishlist for WooCommerce plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This flaw stems from a lack of validation on a user-controlled key within the
qode wishlist for woocommerce wishlist table item callback function. This allows unauthenticated attackers to modify the public view of any wishlist.Recommendations
Update the QODE Wishlist for WooCommerce plugin to version 1.2.8 or later.
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qode Wishlist For Woocommerce
Woocommerce