YITH WooCommerce Wishlist Unauthenticated Insecure Direct Object Reference Vulnerability

Vulnerability

A vulnerability exists in the YITH WooCommerce Wishlist plugin for WordPress, specifically in versions up to and including 4.10.0. The issue arises from an Insecure Direct Object Reference (IDOR) that allows unauthenticated users to manipulate wishlist data through the REST API and AJAX handlers. The vulnerability enables attackers to access any user's wishlist token ID and rename the wishlist without authorization, potentially leading to defacement, social engineering attacks, mass tampering, and profiling of users in multi-user stores.

Impact

Exploitation of this vulnerability allows for unauthorized access to wishlist token IDs, enabling attackers to rename victims' wishlists without permission. This could be used to disrupt normal user activities, create confusion, or facilitate further social engineering attacks.

Reproduction

To reproduce this vulnerability, send a request to the YITH WooCommerce Wishlist REST API endpoint or the corresponding AJAX handler. Include a user-controlled key to access another user's wishlist token ID. Once obtained, use the token ID to rename the wishlist.
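The check whose absence produces an IDOR of the kind described above, as an added illustration that is not the plugin's own code: a WordPress AJAX handler that renames a wishlist only for the caller who owns it. The hook name, nonce action, helper functions, table name and capability are all assumptions made for this example.

```php
<?php
// Added illustration (not the plugin's own code): rename a wishlist only after
// verifying the request is genuine and the caller owns the wishlist.
// All helper names, the nonce action and the table name are hypothetical.

// Registered for logged-in users only: no matching 'wp_ajax_nopriv_' hook, so
// anonymous requests never reach the handler.
add_action( 'wp_ajax_example_rename_wishlist', 'example_rename_wishlist' );

function example_rename_wishlist() {
    // 1. CSRF: the nonce must have been issued to the caller's own session.
    check_ajax_referer( 'example_wishlist_nonce', 'nonce' );

    // 2. Authentication (belt and braces; the hook above already enforces it).
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( array( 'message' => 'Authentication required.' ), 401 );
    }

    $token = isset( $_POST['wishlist_token'] ) ? sanitize_text_field( wp_unslash( $_POST['wishlist_token'] ) ) : '';
    $name  = isset( $_POST['wishlist_name'] ) ? sanitize_text_field( wp_unslash( $_POST['wishlist_name'] ) ) : '';
    if ( '' === $token || '' === $name ) {
        wp_send_json_error( array( 'message' => 'Missing parameters.' ), 400 );
    }

    // 3. Authorization: resolve the token to its record and compare the owner
    //    with the caller. Omitting this comparison is the IDOR: any token, even
    //    another customer's, would be accepted.
    $wishlist = example_get_wishlist_by_token( $token );
    $is_owner = $wishlist && (int) $wishlist['user_id'] === get_current_user_id();
    if ( ! $wishlist || ( ! $is_owner && ! current_user_can( 'manage_woocommerce' ) ) ) {
        // Same reply whether the token is unknown or belongs to someone else,
        // so the endpoint does not confirm which tokens exist.
        wp_send_json_error( array( 'message' => 'Wishlist not found.' ), 404 );
    }

    example_update_wishlist_name( (int) $wishlist['id'], $name );
    wp_send_json_success( array( 'name' => $name ) );
}

// Hypothetical storage helpers backed by a {prefix}example_wishlists table.
function example_get_wishlist_by_token( $token ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_wishlists';
    return $wpdb->get_row( $wpdb->prepare( "SELECT id, user_id FROM {$table} WHERE token = %s", $token ), ARRAY_A );
}
function example_update_wishlist_name( $id, $name ) {
    global $wpdb;
    $wpdb->update( $wpdb->prefix . 'example_wishlists', array( 'name' => $name ), array( 'id' => $id ), array( '%s' ), array( '%d' ) );
}
```

For a REST route the same ownership comparison belongs in the permission_callback passed to register_rest_route(), which WordPress runs before the route handler.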

Remediation

Users are advised to update the YITH WooCommerce Wishlist plugin to version 4.10.1 or later.

Added: Nov 19, 2025, 4:22 AM
Updated: Nov 19, 2025, 4:22 AM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.6
exploitability: 9.3
remediation: 7.7
relevance: 1.1
threat: 4.8
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.