Lucene search
K

6 matches found

EUVD
EUVD
added 2025/12/06 6:30 a.m.4 views

EUVD-2025-201517

The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcissaveemail' endpoint in all versions up to, and including, 3.0.63. This makes it possible for authenticated attackers, with...

4.3CVSS4.7AI score0.00196EPSS
Exploits0References4
NVD
NVD
added 2025/12/06 6:15 a.m.8 views

CVE-2025-12091

The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcissaveemail' endpoint in all versions up to, and including, 3.0.67. This makes it possible for authenticated attackers, with...

4.3CVSS0.00196EPSS
Exploits0References4
CVE
CVE
added 2025/12/06 5:49 a.m.17 views

CVE-2025-12091

CVE-2025-12091 affects the WordPress plugin “Search, Filters & Merchandising for WooCommerce” (instantsearch-for-woocommerce). The root cause is a missing capability check on the wcis_save_email endpoint, allowing authenticated users with Subscriber-level access and higher to deactivate the plugi...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/06 5:49 a.m.2 views

CVE-2025-12091 Search, Filters & Merchandising for WooCommerce <= 3.0.67 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation

The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcissaveemail' endpoint in all versions up to, and including, 3.0.67. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/06 5:49 a.m.25 views

CVE-2025-12091 Search, Filters & Merchandising for WooCommerce <= 3.0.67 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation

The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcissaveemail' endpoint in all versions up to, and including, 3.0.67. This makes it possible for authenticated attackers, with...

4.3CVSS0.00196EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/06 12:0 a.m.9 views

PT-2025-49330

The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcis save email' endpoint in all versions up to, and including, 3.0.63. This makes it possible for authenticated attackers, with...

4.3CVSS5.1AI score0.00196EPSS
Exploits0References4
Rows per page
Query Builder