Pure WC Variation Swatches

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them.

Basic Information

ID CVE-2025-12820

Source WPScan

Published Dec 20, 2025 at 06:00

Modified Dec 21, 2025 at 14:42

Affected Product

Vendor Unknown

Product Pure WC Variation Swatches

Affected Versions Unknown Pure WC Variation Swatches 0

CWE Classification

References

wpscan.com /vulnerability/36ccd54a-265a-44d5-b788-bc14446e3098/

{
    "lastseen": "",
    "description": "The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them.",
    "published": "2025-12-20T06:00:08.473Z",
    "modified": "2025-12-21T14:42:14.024Z",
    "type": "cve",
    "title": "Pure WC Variation Swatches <= 1.1.7 - Unauthenticated Settings Update",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/36ccd54a-265a-44d5-b788-bc14446e3098/",
    "id": "CVE-2025-12820",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown Pure WC Variation Swatches 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pure WC Variation Swatches",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Pure WC Variation Swatches <= 1.1.7 - Unauthenticated Settings Update_CVE-2025-12820