WooCommerce Wishlist Plugin Insecure Direct Object Reference Vulnerability

Vulnerability

A vulnerability allowing unauthorized access to wishlist data has been identified in the WooCommerce Wishlist plugin for WordPress, affecting all versions up to and including 1.8.7. The issue is an Insecure Direct Object Reference (IDOR) in the download_pdf_file() function, where the user-controlled key that selects the wishlist is not properly validated before the wishlist is read. As a result, unauthenticated attackers can access wishlist information that they should not be able to see.

Impact

Exploitation of this vulnerability allows for unauthorized extraction of wishlist data, potentially including sensitive information such as customer details and product information.

Reproduction

The vulnerability can be reproduced by sending a request to the download_pdf_file() function without the expected validation tokens: either omitting the 'wishlist_token' and 'download_pdf_nonce' parameters, or supplying an invalid nonce. Once the request is processed, the generated PDF includes wishlist items that the requester should not have access to.

Remediation

Users are advised to update the WooCommerce Wishlist plugin to version 1.8.8 or later, where this vulnerability has been patched.
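For administrators and developers reviewing similar code, the following PHP is an added illustration of how a WordPress request handler that serves a per-wishlist PDF should gate access. It is not the plugin's own code and not its actual patch; the function and option names (download_wishlist_pdf(), wl_get_wishlist_by_token(), wl_current_user_can_view_wishlist(), wl_render_wishlist_pdf(), the nonce action string, the wishlist object's owner_id and is_public fields) are hypothetical. Only the WordPress and WooCommerce APIs it calls (wp_verify_nonce, wp_unslash, sanitize_text_field, get_current_user_id, current_user_can, wp_die) are real.

```php
<?php
// Added example (not the plugin's code). Demonstrates the two checks an IDOR fix
// needs: a nonce check proves the request came from the site's own UI, and an
// ownership check proves the requester may read *this* wishlist. The advisory's
// weakness is that the handler could be reached with the nonce omitted or invalid
// and with a user-controlled wishlist key that was never tied to the requester.

/**
 * Hypothetical handler for a "download wishlist as PDF" request.
 */
function download_wishlist_pdf() {
    // 1. Nonce: reject requests that omit or forge it. A missing nonce must fail
    //    closed; "if the nonce is present, verify it" is the pattern to avoid.
    //    'download_pdf_nonce' as the action string is an assumption.
    $nonce = isset( $_REQUEST['download_pdf_nonce'] )
        ? sanitize_text_field( wp_unslash( $_REQUEST['download_pdf_nonce'] ) )
        : '';
    if ( '' === $nonce || ! wp_verify_nonce( $nonce, 'download_pdf_nonce' ) ) {
        wp_die( esc_html__( 'Invalid request.', 'example-textdomain' ), '', array( 'response' => 403 ) );
    }

    // 2. Look up the wishlist by the token supplied in the request. The token is
    //    a user-controlled key: it selects an object but must not grant access.
    $token    = isset( $_REQUEST['wishlist_token'] )
        ? sanitize_text_field( wp_unslash( $_REQUEST['wishlist_token'] ) )
        : '';
    $wishlist = ( '' !== $token ) ? wl_get_wishlist_by_token( $token ) : null; // hypothetical lookup
    if ( ! $wishlist ) {
        wp_die( esc_html__( 'Wishlist not found.', 'example-textdomain' ), '', array( 'response' => 404 ) );
    }

    // 3. Authorization: this is the step whose absence makes the reference an IDOR.
    //    A valid nonce plus a leaked or guessed token would otherwise still expose
    //    another customer's data.
    if ( ! wl_current_user_can_view_wishlist( $wishlist ) ) {
        wp_die( esc_html__( 'You are not allowed to view this wishlist.', 'example-textdomain' ), '', array( 'response' => 403 ) );
    }

    wl_render_wishlist_pdf( $wishlist ); // hypothetical: streams the PDF and sets headers
    exit;
}

/**
 * Hypothetical ownership check. A wishlist is readable by its owner, by a shop
 * manager, or by anyone if the owner explicitly marked it public.
 *
 * @param object $wishlist Object with hypothetical fields owner_id (int) and is_public (bool).
 * @return bool
 */
function wl_current_user_can_view_wishlist( $wishlist ) {
    if ( ! empty( $wishlist->is_public ) ) {
        return true;
    }
    $user_id = get_current_user_id();
    if ( 0 === $user_id ) {
        return false; // unauthenticated requests never see private wishlists
    }
    if ( (int) $wishlist->owner_id === $user_id ) {
        return true;
    }
    // manage_woocommerce is the capability WooCommerce grants to shop managers.
    return current_user_can( 'manage_woocommerce' );
}
```

When auditing an installed plugin for this class of bug, look for handlers that read an identifier or token from $_GET/$_POST/$_REQUEST and pass it straight to a database lookup followed by output: the nonce check only addresses cross-site request forgery, and the ownership comparison in step 3 is what actually closes the IDOR.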

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
  spread           2.2
  impact           2.5
  exploitability   9.3
  remediation      7.7
  relevance        0.0
  threat           4.8
  urgency          2.9
  incentive       10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.