CVE-2025-12820
Pure WC Variation Swatches <= 1.1.7 - Unauthenticated Settings Update
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
20 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products
Unknown · Pure WC Variation Swatches