cleantalk
Vulnerabilities and Security Researches

WPC Smart Quick View for WooCommerce, CVE-2025-11741

CVE, Research URL

CVE-2025-11741

Home page URL

Security reports for WPC Smart Quick View for WooCommerce

Application

WPC Smart Quick View for WooCommerce

Published on
Oct 18, 2025
Research Description
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosq_quickview' AJAX endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to.
Affected versions
max 4.2.6.
Status
vulnerable
Previous vulnerability researches
Pagerank tools (CVE-2025-12416) , Nov 10, 2025
Pagerank tools (CVE-2024-5730) , Jun 17, 2024
New vulnerability
Community Events (CVE-2025-10587) , Nov 11, 2025
Community Events (CVE-2025-10586) , Nov 11, 2025
Community Events (CVE-2025-11995) , Nov 11, 2025
Simple Downloads List (CVE-2025-12583) , Nov 11, 2025
TempTool [Show Current Template Info] (CVE-2025-62955) , Nov 11, 2025