PT-2025-48252 · WordPress · Quick View For Woocommerce
Athiwat Tiprasaharn
·
Published
2025-11-27
·
Updated
2025-11-27
·
CVE-2025-12584
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Quick View for WooCommerce plugin for WordPress versions up to and including 2.2.17
Description
The Quick View for WooCommerce plugin for WordPress is susceptible to information disclosure. This issue affects versions prior to and including 2.2.17. An unauthenticated attacker can potentially extract data from private products that they are not authorized to access. This is due to insufficient restrictions on which products can be included via the
wqv popup content API endpoint.Recommendations
Update the Quick View for WooCommerce plugin to a version later than 2.2.17.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Quick View For Woocommerce