CVE-2025-12820

MEDIUM 5.3

Pure WC Variation Swatches <= 1.1.7 - Unauthenticated Settings Update

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

13th

The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them.

Vendor	unknown
Product	pure wc variation swatches
Published	Dec 20, 2025
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for unknown pure wc variation swatches

Be the first to know when new medium vulnerabilities affecting unknown pure wc variation swatches are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Pure WC Variation Swatches

0 ≤ 1.1.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/36ccd54a-265a-44d5-b788-bc14446e3098/

Credits

Khaled Alenazi (Nxploited) WPScan