CVE-2025-14357

Name of the Vulnerable Software and Affected Versions Mega Store Woocommerce theme for WordPress versions prior to 5.9

Description The software is susceptible to unauthorized data modification because of a missing capability check within the setup widgets() function located in the core/includes/importer/whizzie.php file. This allows authenticated attackers possessing Subscriber-level access or higher to create arbitrary pages and alter site settings.

Recommendations Update to a version newer than 5.9.