PT-2025-49200 · WordPress · Hide Categories/Products On Shop Page
Published
2025-12-05
·
Updated
2025-12-05
·
CVE-2025-12128
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Hide Categories Or Products On Shop Page plugin for WordPress versions up to and including 1.0.7
Description
The software is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the
save data hcps() function. This allows attackers to update the plugin’s settings via a forged request if they can trick a site administrator into performing an action, such as clicking a link.Recommendations
Update the Hide Categories Or Products On Shop Page plugin to a version newer than 1.0.7.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hide Categories/Products On Shop Page