Vulnerabilities

CVE-2025-12040

by Fred · 25/11/2025

The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.9 via several functions in class-th-wishlist-frontend.php due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to modify other user’s wishlists

More information : https://wordpress.org/plugins/th-wishlist/

Similar

Tags: Cybersecurity Alert