CVE-2025-13157 – QODE Wishlist for WooCommerce

CVE ID : CVE-2025-13157

Published : Nov. 27, 2025, 7:15 a.m. | 1 hour, 7 minutes ago

Description : The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the ‘qode_wishlist_for_woocommerce_wishlist_table_item_callback’ function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to update the public view of arbitrary wishlists.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-54057 – Apache SkyWalking: Stored XSS vulnerability

CVE-2025-59302 – Apache CloudStack: Potential remote code execution on Javascript engine defined rules

CVE-2025-59454 – Apache CloudStack: Lack of user permission validation leading to data leak for few APIs

CVE-2025-59890 – Eaton Galileo Local File Inclusion Vulnerability