CVE-2025-11741
WPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product ExposureThe WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosq_quickview' AJAX endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to.
We have discovered 3,873 live websites that are affected by CVE-2025-11741.
Affected Software
| Product |  Woo Smart Quick View |
| Category | Wordpress Plugins |
| Vulnerable Domains | 3,873 live websites (54% of Woo Smart Quick View install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 94 versions ( 97% of all versions) |
Common Weakness Enumeration
CWE-639 Authorization Bypass Through User-Controlled KeyDetails
- Published - Oct 18, 2025
- Updated - Oct 20, 2025
Credits
- Lucas Montes (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-11741 United States | 973 websites |
 India | 257 websites |
 Germany | 238 websites |
 Italy | 203 websites |
 GB | 202 websites |
 France | 182 websites |
 Turkey | 138 websites |
 Cyprus | 96 websites |
 Spain | 92 websites |
 Poland | 85 websites |
Website Distribution by TLD
Number of websites using CVE-2025-11741| .com | 1,855 websites |
| .it | 156 websites |
| .net | 93 websites |
| .co.uk | 84 websites |
| .org | 80 websites |
| .fr | 71 websites |
| .com.br | 69 websites |
| .pl | 62 websites |
| .ru | 60 websites |
| .de | 56 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-11741
Top websites that are affected by CVE-2025-11741. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.net | France | **,*** | |
| ************.***.au |  Australia | ***,*** | |
| *******.*********.com | United States | ***,*** | |
| *******.*********.com | United States | ***,*** | |
| *********.africa |  Kenya | ***,*** | |
| *********.com | Germany | ***,*** | |
| *******.*********.com | United States | ***,*** | |
| ***********.com | United States | ***,*** | |
| *******.*********.com | Italy | ***,*** | |
| *****.***.eg |  Egypt | ***,*** |
FAQ
CVE-2025-11741 is Authorization Bypass Through User-Controlled Key in Woo Smart Quick View
A total of 3,873 websites have been identified as vulnerable to CVE-2025-11741, based on global website indexing conducted by WebTechSurvey.
The Woo Smart Quick View is affected by the CVE-2025-11741 vulnerability.
Woo Smart Quick View versions up to and including 4.2.5 are vulnerable to CVE-2025-11741.