WordPress Premmerce Brands for WooCommerce plugin <= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update vulnerability

Missing Authorization To Authenticated Subscriber+ Brand Permalink Settings Update vulnerability discovered by WordFence in WordPress Plugin Premmerce Brands for WooCommerce versions = 1.2.13...

CVE-2025-12783

The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level...