PT-2025-52546 · WordPress · Pure Wc Variation Swatches
Khaled Alenazi
·
Published
2025-12-20
·
Updated
2025-12-21
·
CVE-2025-12820
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Pure WC Variation Swatches WordPress plugin versions through 1.1.7
Description
The Pure WC Variation Swatches WordPress plugin does not perform authorization checks when updating its settings. This allows any authenticated user to modify these settings.
Recommendations
Update the Pure WC Variation Swatches WordPress plugin to a version later than 1.1.7.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Pure Wc Variation Swatches