Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-12-08
CVE-2025-12091 - Merchandising For Woocommerce Plugin
The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcis_save_email' endpoint in all versions up to, and including, 3.0.63. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate the plugin.
PLUGIN
Merchandising For Woocommerce
CVE-2025-12091
Risk Score