Primary

Context

WPC Smart Wishlist for WooCommerce Missing Authorization Vulnerability Allowing Unauthorized Data Access

Vulnerability

Patched

A vulnerability exists in the WPC Smart Wishlist for WooCommerce plugin for WordPress, in all versions through 5.0.4. The issue arises from a lack of proper capability checks on the 'wishlist_quickview' AJAX action, allowing authenticated attackers with Subscriber-level access or higher to access and view other users' wishlist data.

Impact

Exploitation of this vulnerability could lead to unauthorized access to and exposure of other users' wishlist information.

Remediation

Users can update to version 5.0.5 or a newer patched version to address this vulnerability.

Added: Oct 18, 2025, 6:17 AM

Updated: Oct 18, 2025, 6:17 AM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.1

remediation

7.7

relevance

0.8

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.1

remediation

7.7

relevance

0.8

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WPC Smart Wishlist for WooCommerce Missing Authorization Vulnerability Allowing Unauthorized Data Access

Vulnerability

Impact

Remediation

Affected Products

WPC Smart Wishlist for WooCommerce

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating