CVE-2025-12777

YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint (which uses permission_callback => '__return_true') and the AJAX delete_item handler (which only checks nonce validity without verifying object-level authorization). This makes it possible for unauthenticated attackers to disclose wishlist tokens for any user and subsequently delete wishlist items by chaining the REST API authorization bypass with the exposed delete_item nonce on shared wishlist pages and the AJAX handler's missing object-level authorization check.
Possible countermeasure
YITH WooCommerce Wishlist: Update to version 4.10.1, or a newer patched version
Data provided by the CVE Program through a CVE Numbering Authority (CNA) (unstructured).
Vendor: yithemes
Product: YITH WooCommerce Wishlist
Default status: unaffected
Affected version range: 0 through <= 4.10.0 (status: affected)
Further vulnerability information
System: WordPress Plugin
Product: YITH WooCommerce Wishlist
Version: *-4.10.0
No advisory was found for this CVE.
EPSS metrics
Type: EPSS
Source: FIRST.org
Score: 0.27%
Percentile: 0.184
CVSS metrics
Source: security@wordfence.com
Base Score: 5.3
Exploit Score: 3.9
Impact Score: 1.4
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://plugins.trac.wordpress.org/browser/yith-woocommerce-wishlist/tags/4.10.0/includes/rest-api/controllers/v1/class-yith-wcwl-rest-v1-lists-controller.php#L56
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3394933%40yith-woocommerce-wishlist%2Ftrunk&old=3379519%40yith-woocommerce-wishlist%2Ftrunk&sfp_email=&sfph_mail=#file0
https://www.wordfence.com/threat-intel/vulnerabilities/id/0088a97c-5a06-4500-a923-242499596aca?source=cve
https://plugins.trac.wordpress.org/browser/yith-woocommerce-wishlist/tags/4.10.0/includes/rest-api/controllers/v1/class-yith-wcwl-rest-v1-lists-controller.php#L96
https://plugins.trac.wordpress.org/browser/yith-woocommerce-wishlist/tags/4.10.0/includes/class-yith-wcwl-frontend.php#L740
https://plugins.trac.wordpress.org/browser/yith-woocommerce-wishlist/tags/4.10.0/includes/class-yith-wcwl-ajax-handler.php#L222
https://www.wordfence.com/threat-intel/vulnerabilities/id/0088a97c-5a06-4500-a923-242499596aca (Third Party Advisory)