2025-11-11 03:30:47
Wordfence
PUBLISHED
The Wisly plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.0 due to missing validation on the wishlist_id user controlled key. This makes it possible for unauthenticated attackers to remove and add items to other users wishlists.