← volver
CVE-2025-12820

Pure WC Variation Swatches <= 1.1.7 - Unauthenticated Settings Update

CVSS 5.3 MEDIUMEPSS 0.2%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
20 dic 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N