CVE-2025-12091
CVE-2025-12091 affects the WordPress plugin “Search, Filters & Merchandising for WooCommerce” (instantsearch-for-woocommerce). The root cause is a missing capability check on the wcis_save_email endpoint, allowing authenticated users with Subscriber-level access and higher to deactivate the plugi...