Authorization Bypass Vulnerability in Catalog Mode, Product Pricing, Enquiry Forms & Promotions Plugin for WordPress
CVE-2025-12639
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 18 November 2025
What is CVE-2025-12639?
The Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress suffers from an authorization bypass issue. This flaw arises from inadequate verification of user authorization when accessing sensitive data via the AJAX endpoint. As a result, authenticated attackers with a minimum of subscriber-level access can exploit this vulnerability to retrieve sensitive user information, including emails, usernames, roles, and capabilities, as well as vital WooCommerce data such as product details and payment methods.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
wModes β Catalog Mode, Product Pricing, Enquiry Forms & Promotions | for WooCommerce * <= 1.2.2
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved