Refine your search
15 vulnerabilities found for by premmerce
CVE-2025-13440 (GCVE-0-2025-13440)
Vulnerability from cvelistv5
Published
2025-12-12 03:20
Modified
2025-12-15 18:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.10. This is due to a missing capability check on the deleteWishlist() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary wishlists.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| premmerce | Premmerce Wishlist for WooCommerce |
Version: * ≤ 1.1.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13440",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T20:11:44.023221Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T18:13:29.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Premmerce Wishlist for WooCommerce",
"vendor": "premmerce",
"versions": [
{
"lessThanOrEqual": "1.1.10",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abhirup Konwar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.10. This is due to a missing capability check on the deleteWishlist() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary wishlists."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T03:20:50.767Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9347900c-61c2-4d63-885e-e971c646b737?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-wishlist/trunk/src/Admin/Admin.php#L334"
},
{
"url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-wishlist/tags/1.1.10/src/Admin/Admin.php#L334"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-11T15:05:19.000+00:00",
"value": "Disclosed"
}
],
"title": "Premmerce Wishlist for WooCommerce \u003c= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13440",
"datePublished": "2025-12-12T03:20:50.767Z",
"dateReserved": "2025-11-19T19:06:21.133Z",
"dateUpdated": "2025-12-15T18:13:29.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12783 (GCVE-0-2025-12783)
Vulnerability from cvelistv5
Published
2025-12-12 03:20
Modified
2025-12-15 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify brand permalink settings.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| premmerce | Premmerce Brands for WooCommerce |
Version: * ≤ 1.2.13 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12783",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T17:49:59.867919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T18:15:15.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Premmerce Brands for WooCommerce",
"vendor": "premmerce",
"versions": [
{
"lessThanOrEqual": "1.2.13",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Athiwat Tiprasaharn"
},
{
"lang": "en",
"type": "finder",
"value": "Powpy"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify brand permalink settings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T03:20:47.249Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6560ba0b-2190-4d30-b0c4-f07d524ccfde?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-brands/tags/1.2.13/src/Admin/Admin.php#L101"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-28T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-12-11T14:30:57.000+00:00",
"value": "Disclosed"
}
],
"title": "Premmerce Brands for WooCommerce \u003c= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12783",
"datePublished": "2025-12-12T03:20:47.249Z",
"dateReserved": "2025-11-05T22:32:16.722Z",
"dateUpdated": "2025-12-15T18:15:15.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12411 (GCVE-0-2025-12411)
Vulnerability from cvelistv5
Published
2025-11-18 08:27
Modified
2025-11-18 16:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'ID' parameter in versions up to, and including, 1.1.10. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber level access and above, to manipulate SQL queries that can be used to extract sensitive information from the database and modify price type display names in the database via the admin-post.php "premmerce_update_price_type" action, causing cosmetic corruption of the admin interface. The 'price_type' parameter of the "premmerce_delete_price_type" is also vulnerable.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| premmerce | Premmerce Wholesale Pricing for WooCommerce |
Version: * ≤ 1.1.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T14:25:17.699297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T16:35:18.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Premmerce Wholesale Pricing for WooCommerce",
"vendor": "premmerce",
"versions": [
{
"lessThanOrEqual": "1.1.10",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Powpy"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the \u0027ID\u0027 parameter in versions up to, and including, 1.1.10. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber level access and above, to manipulate SQL queries that can be used to extract sensitive information from the database and modify price type display names in the database via the admin-post.php \"premmerce_update_price_type\" action, causing cosmetic corruption of the admin interface. The \u0027price_type\u0027 parameter of the \"premmerce_delete_price_type\" is also vulnerable."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T08:27:30.246Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1e4e27e0-bbb0-498a-b425-9e9d60dfed0f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-wholesale-pricing/tags/1.1.10/src/Models/Model.php#L171"
},
{
"url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-wholesale-pricing/tags/1.1.10/src/Admin/Admin.php#L83"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-17T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-17T20:08:58.000+00:00",
"value": "Disclosed"
}
],
"title": "Premmerce Wholesale Pricing for WooCommerce \u003c= 1.1.10 - Authenticated (Subscriber+) SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12411",
"datePublished": "2025-11-18T08:27:30.246Z",
"dateReserved": "2025-10-28T15:27:58.347Z",
"dateUpdated": "2025-11-18T16:35:18.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60241 (GCVE-0-2025-60241)
Vulnerability from cvelistv5
Published
2025-11-06 15:55
Modified
2025-11-13 10:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Summary
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion.This issue affects Premmerce: from n/a through <= 1.3.19.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-60241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T14:18:27.153374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T14:25:51.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "premmerce",
"product": "Premmerce",
"vendor": "Premmerce",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.3.19",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ryan Novotny | Patchstack Bug Bounty Program"
}
],
"datePublic": "2025-11-06T16:44:20.762Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce: from n/a through \u003c= 1.3.19.\u003c/p\u003e"
}
],
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion.This issue affects Premmerce: from n/a through \u003c= 1.3.19."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T10:33:46.547Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/premmerce/vulnerability/wordpress-premmerce-plugin-1-3-19-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"title": "WordPress Premmerce plugin \u003c= 1.3.19 - Local File Inclusion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-60241",
"datePublished": "2025-11-06T15:55:13.362Z",
"dateReserved": "2025-09-25T15:34:44.964Z",
"dateUpdated": "2025-11-13T10:33:46.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60194 (GCVE-0-2025-60194)
Vulnerability from cvelistv5
Published
2025-11-06 15:54
Modified
2025-11-13 10:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Summary
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows PHP Local File Inclusion.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Premmerce | Premmerce Product Search for WooCommerce |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-60194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T20:02:00.433209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T20:02:04.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "premmerce-search",
"product": "Premmerce Product Search for WooCommerce",
"vendor": "Premmerce",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.2.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2025-11-06T16:45:23.269Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce Product Search for WooCommerce: from n/a through \u003c= 2.2.4.\u003c/p\u003e"
}
],
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows PHP Local File Inclusion.This issue affects Premmerce Product Search for WooCommerce: from n/a through \u003c= 2.2.4."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T10:33:44.741Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/premmerce-search/vulnerability/wordpress-premmerce-product-search-for-woocommerce-plugin-2-2-4-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"title": "WordPress Premmerce Product Search for WooCommerce plugin \u003c= 2.2.4 - Local File Inclusion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-60194",
"datePublished": "2025-11-06T15:54:50.878Z",
"dateReserved": "2025-09-25T15:28:34.981Z",
"dateUpdated": "2025-11-13T10:33:44.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60193 (GCVE-0-2025-60193)
Vulnerability from cvelistv5
Published
2025-11-06 15:54
Modified
2025-11-13 10:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Summary
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows PHP Local File Inclusion.This issue affects Premmerce User Roles: from n/a through <= 1.0.13.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Premmerce | Premmerce User Roles |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-60193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T20:01:21.056877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T20:01:26.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "premmerce-user-roles",
"product": "Premmerce User Roles",
"vendor": "Premmerce",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.0.13",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2025-11-06T16:45:25.712Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce User Roles: from n/a through \u003c= 1.0.13.\u003c/p\u003e"
}
],
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows PHP Local File Inclusion.This issue affects Premmerce User Roles: from n/a through \u003c= 1.0.13."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T10:33:44.062Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/premmerce-user-roles/vulnerability/wordpress-premmerce-user-roles-plugin-1-0-13-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"title": "WordPress Premmerce User Roles plugin \u003c= 1.0.13 - Local File Inclusion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-60193",
"datePublished": "2025-11-06T15:54:49.770Z",
"dateReserved": "2025-09-25T15:28:34.981Z",
"dateUpdated": "2025-11-13T10:33:44.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60192 (GCVE-0-2025-60192)
Vulnerability from cvelistv5
Published
2025-11-06 15:54
Modified
2025-11-13 10:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Summary
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows PHP Local File Inclusion.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Premmerce | Premmerce Wholesale Pricing for WooCommerce |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-60192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T19:57:18.856793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T19:57:53.547Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "premmerce-woocommerce-wholesale-pricing",
"product": "Premmerce Wholesale Pricing for WooCommerce",
"vendor": "Premmerce",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.1.10",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2025-11-06T16:45:24.824Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through \u003c= 1.1.10.\u003c/p\u003e"
}
],
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows PHP Local File Inclusion.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through \u003c= 1.1.10."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T10:33:44.723Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/premmerce-woocommerce-wholesale-pricing/vulnerability/wordpress-premmerce-wholesale-pricing-for-woocommerce-plugin-1-1-10-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"title": "WordPress Premmerce Wholesale Pricing for WooCommerce plugin \u003c= 1.1.10 - Local File Inclusion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-60192",
"datePublished": "2025-11-06T15:54:49.257Z",
"dateReserved": "2025-09-25T15:28:34.981Z",
"dateUpdated": "2025-11-13T10:33:44.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60191 (GCVE-0-2025-60191)
Vulnerability from cvelistv5
Published
2025-11-06 15:54
Modified
2025-11-13 10:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Summary
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmerce Wishlist for WooCommerce: from n/a through <= 1.1.10.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Premmerce | Premmerce Wishlist for WooCommerce |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-60191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T21:19:03.312434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:19:06.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "premmerce-woocommerce-wishlist",
"product": "Premmerce Wishlist for WooCommerce",
"vendor": "Premmerce",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.1.10",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2025-11-06T16:45:19.744Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce Wishlist for WooCommerce: from n/a through \u003c= 1.1.10.\u003c/p\u003e"
}
],
"value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmerce Wishlist for WooCommerce: from n/a through \u003c= 1.1.10."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "PHP Local File Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T10:33:44.648Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/premmerce-woocommerce-wishlist/vulnerability/wordpress-premmerce-wishlist-for-woocommerce-plugin-1-1-10-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"title": "WordPress Premmerce Wishlist for WooCommerce plugin \u003c= 1.1.10 - Local File Inclusion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-60191",
"datePublished": "2025-11-06T15:54:48.713Z",
"dateReserved": "2025-09-25T15:28:34.981Z",
"dateUpdated": "2025-11-13T10:33:44.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64291 (GCVE-0-2025-64291)
Vulnerability from cvelistv5
Published
2025-10-29 08:38
Modified
2025-11-13 10:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS.This issue affects Premmerce User Roles: from n/a through <= 1.0.13.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Premmerce | Premmerce User Roles |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-64291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T14:18:31.246536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T14:18:34.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "premmerce-user-roles",
"product": "Premmerce User Roles",
"vendor": "Premmerce",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.0.13",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2025-10-29T09:17:59.788Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS.\u003cp\u003eThis issue affects Premmerce User Roles: from n/a through \u003c= 1.0.13.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS.This issue affects Premmerce User Roles: from n/a through \u003c= 1.0.13."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T10:33:49.343Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/premmerce-user-roles/vulnerability/wordpress-premmerce-user-roles-plugin-1-0-13-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress Premmerce User Roles plugin \u003c= 1.0.13 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-64291",
"datePublished": "2025-10-29T08:38:15.757Z",
"dateReserved": "2025-10-29T03:29:08.850Z",
"dateUpdated": "2025-11-13T10:33:49.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64290 (GCVE-0-2025-64290)
Vulnerability from cvelistv5
Published
2025-10-29 08:38
Modified
2025-11-13 10:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Premmerce | Premmerce Product Search for WooCommerce |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-64290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T14:20:42.559425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T14:20:46.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "premmerce-search",
"product": "Premmerce Product Search for WooCommerce",
"vendor": "Premmerce",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.2.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2025-10-29T09:17:59.114Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Premmerce Product Search for WooCommerce: from n/a through \u003c= 2.2.4.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery.This issue affects Premmerce Product Search for WooCommerce: from n/a through \u003c= 2.2.4."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T10:33:49.409Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/premmerce-search/vulnerability/wordpress-premmerce-product-search-for-woocommerce-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Premmerce Product Search for WooCommerce plugin \u003c= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-64290",
"datePublished": "2025-10-29T08:38:15.299Z",
"dateReserved": "2025-10-29T03:29:08.850Z",
"dateUpdated": "2025-11-13T10:33:49.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64289 (GCVE-0-2025-64289)
Vulnerability from cvelistv5
Published
2025-10-29 08:38
Modified
2025-11-13 10:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Premmerce | Premmerce Product Search for WooCommerce |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-64289",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T14:01:29.029726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T14:01:35.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "premmerce-search",
"product": "Premmerce Product Search for WooCommerce",
"vendor": "Premmerce",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.2.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2025-10-29T09:17:18.435Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.\u003cp\u003eThis issue affects Premmerce Product Search for WooCommerce: from n/a through \u003c= 2.2.4.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through \u003c= 2.2.4."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T10:33:49.275Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/premmerce-search/vulnerability/wordpress-premmerce-product-search-for-woocommerce-plugin-2-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress Premmerce Product Search for WooCommerce plugin \u003c= 2.2.4 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-64289",
"datePublished": "2025-10-29T08:38:14.838Z",
"dateReserved": "2025-10-29T03:29:08.850Z",
"dateUpdated": "2025-11-13T10:33:49.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64288 (GCVE-0-2025-64288)
Vulnerability from cvelistv5
Published
2025-10-29 08:38
Modified
2025-11-13 10:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce premmerce allows Cross Site Request Forgery.This issue affects Premmerce: from n/a through <= 1.3.19.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-64288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T14:03:09.383617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T14:03:16.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "premmerce",
"product": "Premmerce",
"vendor": "Premmerce",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.3.19",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2025-10-29T09:17:18.297Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce premmerce allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Premmerce: from n/a through \u003c= 1.3.19.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce premmerce allows Cross Site Request Forgery.This issue affects Premmerce: from n/a through \u003c= 1.3.19."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T10:33:49.364Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/premmerce/vulnerability/wordpress-premmerce-plugin-1-3-19-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Premmerce plugin \u003c= 1.3.19 - Cross Site Request Forgery (CSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-64288",
"datePublished": "2025-10-29T08:38:14.400Z",
"dateReserved": "2025-10-29T03:29:08.850Z",
"dateUpdated": "2025-11-13T10:33:49.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64285 (GCVE-0-2025-64285)
Vulnerability from cvelistv5
Published
2025-10-29 08:38
Modified
2025-11-13 10:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Premmerce | Premmerce Wholesale Pricing for WooCommerce |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-64285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T14:07:06.057551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T14:07:14.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "premmerce-woocommerce-wholesale-pricing",
"product": "Premmerce Wholesale Pricing for WooCommerce",
"vendor": "Premmerce",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.1.10",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nguyen Xuan Chien | Patchstack Bug Bounty Program"
}
],
"datePublic": "2025-10-29T09:17:17.381Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through \u003c= 1.1.10.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through \u003c= 1.1.10."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T10:33:49.266Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/premmerce-woocommerce-wholesale-pricing/vulnerability/wordpress-premmerce-wholesale-pricing-for-woocommerce-plugin-1-1-10-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Premmerce Wholesale Pricing for WooCommerce plugin \u003c= 1.1.10 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-64285",
"datePublished": "2025-10-29T08:38:13.449Z",
"dateReserved": "2025-10-29T03:29:08.849Z",
"dateUpdated": "2025-11-13T10:33:49.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62890 (GCVE-0-2025-62890)
Vulnerability from cvelistv5
Published
2025-10-27 01:33
Modified
2025-11-13 10:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Brands for WooCommerce premmerce-woocommerce-brands allows Cross Site Request Forgery.This issue affects Premmerce Brands for WooCommerce: from n/a through <= 1.2.13.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Premmerce | Premmerce Brands for WooCommerce |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:21:59.506947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T13:57:37.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "premmerce-woocommerce-brands",
"product": "Premmerce Brands for WooCommerce",
"vendor": "Premmerce",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.2.13",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bao - BlueRock | Patchstack Bug Bounty Program"
}
],
"datePublic": "2025-10-27T02:27:58.995Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Brands for WooCommerce premmerce-woocommerce-brands allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Premmerce Brands for WooCommerce: from n/a through \u003c= 1.2.13.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Brands for WooCommerce premmerce-woocommerce-brands allows Cross Site Request Forgery.This issue affects Premmerce Brands for WooCommerce: from n/a through \u003c= 1.2.13."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T10:33:47.456Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/premmerce-woocommerce-brands/vulnerability/wordpress-premmerce-brands-for-woocommerce-plugin-1-2-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Premmerce Brands for WooCommerce plugin \u003c= 1.2.13 - Cross Site Request Forgery (CSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-62890",
"datePublished": "2025-10-27T01:33:46.308Z",
"dateReserved": "2025-10-24T14:24:16.560Z",
"dateUpdated": "2025-11-13T10:33:47.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62883 (GCVE-0-2025-62883)
Vulnerability from cvelistv5
Published
2025-10-27 01:33
Modified
2025-11-13 10:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Roles: from n/a through <= 1.0.13.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Premmerce | Premmerce User Roles |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:25:10.727159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:56:36.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "premmerce-user-roles",
"product": "Premmerce User Roles",
"vendor": "Premmerce",
"versions": [
{
"lessThanOrEqual": "\u003c= 1.0.13",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nguyen Tran Tuan Dung (domiee13) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2025-10-27T02:29:16.768Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Premmerce User Roles: from n/a through \u003c= 1.0.13.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Roles: from n/a through \u003c= 1.0.13."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T10:33:47.380Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/premmerce-user-roles/vulnerability/wordpress-premmerce-user-roles-plugin-1-0-13-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Premmerce User Roles plugin \u003c= 1.0.13 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-62883",
"datePublished": "2025-10-27T01:33:43.581Z",
"dateReserved": "2025-10-24T14:24:07.765Z",
"dateUpdated": "2025-11-13T10:33:47.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}