cleantalk
Vulnerabilities and Security Researches

Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches), CVE-2025-2719

CVE, Research URL

CVE-2025-2719

Home page URL

Security reports for Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches)

Application

Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches)

Published on
Apr 10, 2025
Research Description
The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions 1.2.8 to 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration.
Affected versions
Min 1.2.8, max 1.4.0.
Status
vulnerable
Previous vulnerability researches
Church Admin (CVE-2025-39555) , Apr 18, 2025
Church Admin (CVE-2024-50438) , Oct 28, 2024
Church Admin (CVE-2024-37440) , Jul 02, 2024
Church Admin (CVE-2024-53795) , Dec 08, 2024
Church Admin (CVE-2025-26941) , Mar 28, 2025
New vulnerability
Asgaros Forum (CVE-2025-39514) , Apr 18, 2025
Total processing card payments for WooCommerce (CVE-2025-32513) , Apr 18, 2025
WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms (CVE-2025-39560) , Apr 18, 2025
CRUDLab Scroll to Top (CVE-2025-22774) , Apr 18, 2025
Editor Wysiwyg Background Color (CVE-2025-23958) , Apr 18, 2025