CVE-2025-12087 – Wishlist and Save for later for Woocommerce

CVE ID : CVE-2025-12087

Published : Nov. 12, 2025, 5:15 a.m. | 16 minutes ago

Description : The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the ‘awwlm_remove_added_wishlist_page’ AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete wishlist items from other user’s wishlists.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…