5.3
CVE-2025-11741
- EPSS 0.06%
- Veröffentlicht 18.10.2025 06:42:44
- Zuletzt bearbeitet 21.10.2025 19:31:25
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
WPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosq_quickview' AJAX endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to.
Mögliche Gegenmaßnahme
WPC Smart Quick View for WooCommerce: Update to version 4.2.6, or a newer patched version
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WPC Smart Quick View for WooCommerce
Version
* - 4.2.5
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellerwpclever
≫
Produkt
WPC Smart Quick View for WooCommerce
Default Statusunaffected
Version <=
4.2.5
Version
*
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.174 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.