2025-11-27 06:42:13
Wordfence
PUBLISHED
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the qode_wishlist_for_woocommerce_wishlist_table_item_callback function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to update the public view of arbitrary wishlists.