Sensitive Data Exposure in WooCommerce Ultimate Points And Rewards Plugin by WPSwings
CVE-2025-64267

Currently unrated

Key Information:

Vendor

WordPress
Status
WooCommerce Ultimate Points And Rewards
Vendor
CVE Published:
13 November 2025

What is CVE-2025-64267?

A vulnerability has been identified in the WooCommerce Ultimate Points And Rewards plugin by WPSwings, where sensitive system information can be exposed to unauthorized control. This issue allows attackers to retrieve embedded sensitive data, potentially compromising user privacy and system integrity. Affected versions are those prior to 2.10.2. It is essential for users to review their plugin configurations and update to the latest version to mitigate this risk.

Affected Version(s)

WooCommerce Ultimate Points And Rewards <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/wooc...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Denver Jackson | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64267 : Sensitive Data Exposure in WooCommerce Ultimate Points And Rewards Plugin by WPSwings