cleantalk
Vulnerabilities and Security Researches

WPC Smart Quick View for WooCommerce, CVE-2025-11741

CVE, Research URL

CVE-2025-11741

Home page URL

Security reports for WPC Smart Quick View for WooCommerce

Application

WPC Smart Quick View for WooCommerce

Published on
Oct 18, 2025
Research Description
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosq_quickview' AJAX endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to.
Affected versions
max 4.2.6.
Status
vulnerable
Previous vulnerability researches
WPC Smart Quick View for WooCommerce (CVE-2025-11741) , Nov 11, 2025
WPC Smart Quick View for WooCommerce (CVE-2023-6494) , Jun 07, 2024
WPC Smart Quick View for WooCommerce (CVE-2024-5020) , Dec 06, 2024
WPC Smart Quick View for WooCommerce (CVE-2025-8618) , Aug 22, 2025
New vulnerability
JB News Ticker (CVE-2025-11804) , Nov 11, 2025
My auctions allegro (CVE-2025-10048) , Nov 11, 2025
Sertifier Certificates & Open Badges – Tutor LMS (CVE-2025-53214) , Nov 11, 2025
Toast Mobile Menu – PageSpeed Insights Friendly (CVE-2025-53238) , Nov 11, 2025
Stripe Payment forms for WordPress Plugin – WP Full Pay (CVE-2025-9322) , Nov 11, 2025