2 matches found
CVE-2025-12783 Premmerce Brands for WooCommerce <= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update
The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level...
GHSA-2X7R-93WW-CXRQ Winter CMS Local File Inclusion through Server Side Template Injection
Impact Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. By default, only th...