CVE-2025-2719

Name of the Vulnerable Software and Affected Versions: The Swatchly – WooCommerce Variation Swatches for Products plugin versions 1.2.8 through 1.4.0

Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data due to a missing capability check on the ajax dismiss function. This can be used to update option values, potentially creating an error on the site, denying access to legitimate users, or setting certain values to true, such as registration.

Recommendations: For versions 1.2.8 through 1.4.0, consider disabling the ajax dismiss function until a patch is available to prevent unauthorized modification of data. Restrict access to the plugin's functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.