CVE-2025-11741
WPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product ExposureThe WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosq_quickview' AJAX endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to.
We have discovered 3,278 live websites that are affected by CVE-2025-11741.
Affected Software
| Product |  Woo Smart Quick View |
| Category | Wordpress Plugins |
| Vulnerable Domains | 3,278 live websites (44% of Woo Smart Quick View install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 93 versions ( 95% of all versions) |
Common Weakness Enumeration
CWE-639 Authorization Bypass Through User-Controlled KeyDetails
- Published - Oct 18, 2025
- Updated - Apr 8, 2026
Credits
- Lucas Montes (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-11741 United States | 814 websites |
 India | 214 websites |
 Germany | 183 websites |
 GB | 169 websites |
 Italy | 169 websites |
 France | 150 websites |
 Turkey | 137 websites |
 Spain | 90 websites |
 Poland | 78 websites |
 Romania | 63 websites |
Website Distribution by TLD
Number of websites using CVE-2025-11741| .com | 1,555 websites |
| .it | 130 websites |
| .net | 75 websites |
| .co.uk | 69 websites |
| .org | 68 websites |
| .fr | 62 websites |
| .pl | 56 websites |
| .com.br | 55 websites |
| .ru | 48 websites |
| .de | 42 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-11741
Top websites that are affected by CVE-2025-11741. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.net | France | **,*** | |
| ************.***.au |  Australia | ***,*** | |
| *********.com | Germany | ***,*** | |
| ***********.com | United States | ***,*** | |
| **************.com | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| ******************.com | United States | ***,*** | |
| ********.***********.com | Germany | *,***,*** | |
| ***********.************.com | United States | *,***,*** | |
| ********************.com | United States | *,***,*** |
FAQ
CVE-2025-11741 is Authorization Bypass Through User-Controlled Key in Woo Smart Quick View
A total of 3,278 websites have been identified as vulnerable to CVE-2025-11741, based on global website indexing conducted by WebTechSurvey.
The Woo Smart Quick View is affected by the CVE-2025-11741 vulnerability.
Woo Smart Quick View versions up to and including 4.2.5 are vulnerable to CVE-2025-11741.