MEDIUM SeverityCVSS 3.15.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2026-27329

Last updated May 07, 2026 · Published May 07, 2026

Description

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0.

Affected products

1 listed

YITH:YITH WooCommerce Wishlist

Mappings

CWE

CWE-639

CAPEC

CAPEC-180

Research

Insecure direct object references (IDOR): detection and preventionInsecure direct object references let users access other users' data by changing an ID. Enforce object-level…

Training

Authorisation and Access ControlRBAC, ABAC, and privilege escalation patterns in real applications.

CVE-2026-27329

Description

Affected products

Mappings

Related