CVE-2026-27329
Status: Received - Intake
Authorization Bypass in YITH WooCommerce Wishlist

Publication date: 2026-05-07

Last updated on: 2026-05-07

Assigner: Patchstack

Description
Authorization Bypass Through User-Controlled Key vulnerability in the YITH WooCommerce Wishlist plugin by YITH allows attackers to exploit incorrectly configured access control security levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0.
Meta Information
Published: 2026-05-07
Last Modified: 2026-05-07
Generated: 2026-05-07
AI Q&A: 2026-05-07
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: yith
Product: yith_woocommerce_wishlist
Version / Range: up to and including 4.12.0
CWE
CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-27329 is an Insecure Direct Object Reference (IDOR) vulnerability in the WordPress plugin YITH WooCommerce Wishlist, versions 4.12.0 and earlier.

This flaw allows unauthorized users to bypass authorization controls and access sensitive files or folders, or interact with the database, because access control security levels are improperly configured.

It is classified under OWASP Top 10's A1: Broken Access Control and has a CVSS score of 5.3, indicating a low severity impact.

How can this vulnerability impact me?

This vulnerability can allow unauthorized users to bypass access controls and gain access to sensitive data or interact with the database without permission.

While the severity is considered low, attackers could exploit this vulnerability in large-scale campaigns targeting thousands of websites, potentially leading to data exposure or unauthorized actions.

Users of the affected plugin versions are advised to update to version 4.13.0 immediately to mitigate this risk.


What immediate steps should I take to mitigate this vulnerability?

To mitigate the CVE-2026-27329 vulnerability in the YITH WooCommerce Wishlist plugin, you should immediately update the plugin to version 4.13.0 or later, where the issue has been patched.

If you are using Patchstack, enabling auto-updates for vulnerable plugins can help ensure you receive security patches promptly.

Since the vulnerability allows unauthorized access due to improper access controls, applying the update is the most effective immediate step to prevent exploitation.

