cleantalk
Vulnerabilities and Security Researches

Hide Categories Or Products On Shop Page, CVE-2025-12128

CVE, Research URL

CVE-2025-12128

Home page URL

Security reports for Hide Categories Or Products On Shop Page

Application

Hide Categories Or Products On Shop Page

Published on
Dec 05, 2025
Research Description
The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the save_data_hcps() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.0.7.
Status
vulnerable
Previous vulnerability researches
Arrow Maps – Custom Maps for WordPress (CVE-2025-28858) , Mar 28, 2025
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025