CVE-2025-7821
CVE-2025-7821 affects the WC Plus WordPress plugin (versions up to and including 1.2.0). The vulnerability arises from a missing capability check on the pluswc_logo_favicon_logo_base AJAX action, allowing unauthenticated modification of the site favicon/logo base. CVSS v3.1 base score is 5.3 (Med...