Security Vulnerability Report
CVE-2025-12639 CVSS 4.3 MEDIUM

CVE-2025-12639

Published: 2025-11-18 10:15:48
Last Modified: 2026-04-15 00:35:42

Description

The wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to access sensitive information via the AJAX endpoint. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive information including user emails, usernames, roles, capabilities, and WooCommerce data such as products and payment methods.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

wModes plugin ≤ 1.2.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
// Vulnerability overview: this flaw allows a low-privilege user to obtain sensitive information through the AJAX endpoint.
// Mitigation recommendations:
// 1. Upgrade the plugin to the latest version released after 1.2.2.
// 2. Check the plugin's permission configuration and make sure the AJAX endpoint performs an appropriate capability check.
// 3. Review WordPress user role and permission assignments.
// 4. Monitor for abnormal user-data access behaviour.
// Note: this document is for security research purposes only; actual exploitation requires authorization.

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12639", "sourceIdentifier": "[email protected]", "published": "2025-11-18T10:15:48.137", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to access sensitive information via the AJAX endpoint. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive information including user emails, usernames, roles, capabilities, and WooCommerce data such as products and payment methods."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/catalog-mode-pricing-enquiry-forms-promotions/tags/1.2.1/framework/reon/core/class.reon.core.ajax.php#L12", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/catalog-mode-pricing-enquiry-forms-promotions/tags/1.2.1/framework/reon/core/class.reon.core.ajax.php#L165", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/catalog-mode-pricing-enquiry-forms-promotions/tags/1.2.1/framework/reon/core/class.reon.core.ajax.php#L29", "source": "[email protected]"}, 
{"url": "https://plugins.trac.wordpress.org/changeset/3392651/catalog-mode-pricing-enquiry-forms-promotions/trunk?contextall=1&old=3390779&old_path=%2Fcatalog-mode-pricing-enquiry-forms-promotions%2Ftrunk#file11", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/979001c4-45dd-4168-8749-c8eebe237b60?source=cve", "source": "[email protected]"}]}}