VulnerAlert



PRODUCTS
WORDPRESS
13-12-2025 19:54

CVE-2025-14366 Documented vulnerability

No score
Tags
#wordpress
#plugin
#woocommerce
#product
#form
#products
#attackers
#authenticated
#arbitrary
#vulnerable
#attack
Description
The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary WooCommerce products with custom names, prices, and category assignments via the 'Name', 'Price', and 'Parent' parameters.
https://plugins.trac.wordpress.org/browser/eyewear-prescription-form/tags/6.0.1/admin/class-eyewear_prescription_form-admin.php#L369
https://plugins.trac.wordpress.org/browser/eyewear-prescription-form/tags/6.0.1/admin/class-eyewear_prescription_form-admin.php#L71
https://www.wordfence.com/threat-intel/vulnerabilities/id/0f21d7a2-3b4f-487f-a64a-b963427233b3?source=cve

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-14366
This project was co-funded by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023