PT-2026-2834 · WordPress · Perfit Woocommerce Plugin
Abhirup Konwar
·
Published
2026-01-14
·
Updated
2026-01-14
·
CVE-2025-14173
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Perfit WooCommerce plugin versions prior to 1.0.2
Description
The Perfit WooCommerce plugin for WordPress is affected by a missing authorization issue. Specifically, the
logout function, called through the actions function hooked to admin init, lacks proper authorization checks. This allows unauthenticated attackers to delete arbitrary plugin settings by manipulating the action parameter.Recommendations
Update the Perfit WooCommerce plugin to version 1.0.2 or later.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Perfit Woocommerce Plugin