VYPR
Medium severity5.3NVD Advisory· Published Nov 11, 2025· Updated Apr 15, 2026No known patch

CVE-2025-11532

CVE-2025-11532

Description

The Wisly plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.0 due to missing validation on the 'wishlist_id' user controlled key. This makes it possible for unauthenticated attackers to remove and add items to other user's wishlists.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.