CVE-2025-11741

WPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosq_quickview' AJAX endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to.


We have discovered 3,873 live websites that are affected by CVE-2025-11741.


Affected Software

Product: Woo Smart Quick View
Category: WordPress Plugins
Vulnerable Domains: 3,873 live websites (54% of Woo Smart Quick View install base)
Vulnerable Versions:
  • from 0 through 4.2.5
Vulnerable Versions Count: 94 versions (97% of all versions)


Common Weakness Enumeration

CWE-639 Authorization Bypass Through User-Controlled Key



Details

  • Published - Oct 18, 2025
  • Updated - Oct 20, 2025

Credits

  • Lucas Montes (finder)

Website Distribution by Country

Number of websites affected by CVE-2025-11741

  • United States: 973 websites
  • India: 257 websites
  • Germany: 238 websites
  • Italy: 203 websites
  • GB: 202 websites
  • France: 182 websites
  • Turkey: 138 websites
  • Cyprus: 96 websites
  • Spain: 92 websites
  • Poland: 85 websites

Website Distribution by TLD

Number of websites affected by CVE-2025-11741

  • .com: 1,855 websites
  • .it: 156 websites
  • .net: 93 websites
  • .co.uk: 84 websites
  • .org: 80 websites
  • .fr: 71 websites
  • .com.br: 69 websites
  • .pl: 62 websites
  • .ru: 60 websites
  • .de: 56 websites

FAQ

  • CVE-2025-11741 is an Authorization Bypass Through User-Controlled Key vulnerability in Woo Smart Quick View.
  • A total of 3,873 websites have been identified as vulnerable to CVE-2025-11741, based on global website indexing conducted by WebTechSurvey.
  • Woo Smart Quick View is affected by the CVE-2025-11741 vulnerability.
  • Woo Smart Quick View versions up to and including 4.2.5 are vulnerable to CVE-2025-11741.