WordPress wModes plugin <= 1.2.2 - Missing Authorization to Sensitive Information Disclosure vulnerability

Missing Authorization to Sensitive Information Disclosure vulnerability discovered by NumeX NumeX in WordPress Plugin wModes versions = 1.2.2...

CVE-2025-12639

The WordPress plugin wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions (WooCommerce) is affected by CVE-2025-12639. Versions up to and including 1.2.2 are vulnerable to an authorization bypass via an AJAX endpoint, enabling authenticated attackers with subscriber-level access and...

PT-2025-47282

Name of the Vulnerable Software and Affected Versions wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress versions up to and including 1.2.2 Description The plugin does not properly verify user authorization when accessing sensitive information through an AJAX...

WordPress plugin wModes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...