CVE-2025-12777 | YITH WooCommerce Wishlist Plugin up to 4.10.0 on WordPress AJAX lists authorization

A vulnerability categorized as critical has been discovered in YITH WooCommerce Wishlist Plugin up to 4.10.0 on WordPress. This affects an unknown function of the file /wp-json/yith/wishlist/v1/lists of the component AJAX Handler. The manipulation results in authorization bypass.

This vulnerability is reported as CVE-2025-12777. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More