CVE-2025-14173

CVSS v3.1

5.3

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the

logout

function called via the

actions

function hooked to

admin init

. This makes it possible for unauthenticated attackers to delete arbitrary plugin settings via the

action

parameter.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2025-14173

Affected Products

Perfit Woocommerce

CVE-2025-14173

Weakness Enumeration

Related Identifiers

Affected Products

References · 4