CVE-2025-12820
Pure WC Variation Swatches <= 1.1.7 - Unauthenticated Settings Update
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
20 dic 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Productos afectados
Unknown · Pure WC Variation Swatches