Medium severity6.5NVD Advisory· Published Nov 25, 2025· Updated Apr 15, 2026
CVE-2025-12040
CVE-2025-12040
Description
The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.3 via several functions in class-th-wishlist-frontend.php due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to modify other user's wishlists
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.1.3
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.