cleantalk
Vulnerabilities and Security Researches

Eyewear prescription form, CVE-2025-14366

CVE, Research URL

CVE-2025-14366

Home page URL

Security reports for Eyewear prescription form

Application

Eyewear prescription form

Published on
Dec 13, 2025
Research Description
The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary WooCommerce products with custom names, prices, and category assignments via the 'Name', 'Price', and 'Parent' parameters.
Affected versions
max 6.0.1.
Status
vulnerable
Previous vulnerability researches
Arrow Maps – Custom Maps for WordPress (CVE-2025-28858) , Mar 28, 2025
New vulnerability
404 Solution (CVE-2025-14477) , Jan 10, 2026
BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More. (CVE-2025-69024) , Jan 10, 2026
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2025-13754) , Jan 10, 2026
LearnPress – WordPress LMS Plugin (CVE-2025-14387) , Jan 10, 2026
LearnPress – WordPress LMS Plugin (CVE-2025-13956) , Jan 10, 2026