Vulnerabilities and security researches foreyewear-prescription-form eyewear-prescription-form

Dec 15, 2024

CVE, Research URL: CVE-2024-54239
Home page URL: Security reports for Eyewear prescription form
Application: Eyewear prescription form
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in dugudlabs Eyewear prescription form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through 4.0.18.
Affected versions: max 4.0.18.
Status: vulnerable

Jan 10, 2026

CVE, Research URL: CVE-2025-14365
Home page URL: Security reports for Eyewear prescription form
Application: Eyewear prescription form
Date: Dec 13, 2025
Research Description: The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing capability checks on the RemoveItems AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary WooCommerce product categories, including all of their child categories, via the 'catIds' parameter.
Affected versions: max 6.0.1.
Status: vulnerable

CVE, Research URL: CVE-2025-14366
Home page URL: Security reports for Eyewear prescription form
Application: Eyewear prescription form
Date: Dec 13, 2025
Research Description: The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary WooCommerce products with custom names, prices, and category assignments via the 'Name', 'Price', and 'Parent' parameters.
Affected versions: max 6.0.1.
Status: vulnerable