CVE-2025-12639
wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions | for WooCommerce <= 1.2.2 - Missing Authorization to Sensitive Information Disclosure
The wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to access sensitive information via the AJAX endpoint. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive information including user emails, usernames, roles, capabilities, and WooCommerce data such as products and payment methods.
| CWE | CWE-862 |
| Vendor | sundayfanz |
| Product | wmodes – catalog mode, product pricing, enquiry forms & promotions | for woocommerce |
| Published | Nov 18, 2025 |
| Last Updated | Apr 8, 2026 |
Get instant alerts for sundayfanz wmodes – catalog mode, product pricing, enquiry forms & promotions | for woocommerce
Be the first to know when new medium vulnerabilities affecting sundayfanz wmodes – catalog mode, product pricing, enquiry forms & promotions | for woocommerce are published — delivered to Slack, Telegram or Discord.
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N