4 matches found
CVE-2025-14357
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...
CVE-2025-14357
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...
CVE-2025-14357 Mega Store Woocommerce <= 5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation and Settings Change
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...
PT-2026-20616
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup widgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wi...