cleantalk
Vulnerabilities and Security Researches

DominoKit, CVE-2025-12350

CVE, Research URL

CVE-2025-12350

Home page URL

Security reports for DominoKit

Application

DominoKit

Published on
Nov 04, 2025
Research Description
The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_ajax_nopriv_dominokit_option_admin_action AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update plugin settings.
Affected versions
max 1.1.0.
Status
vulnerable
Previous vulnerability researches
DominoKit (CVE-2025-12350) , Nov 10, 2025
New vulnerability
Email Template Customizer for WooCommerce (CVE-2025-64200) , Nov 11, 2025
Premmerce Wholesale Pricing for WooCommerce (CVE-2025-64285) , Nov 11, 2025
Premmerce Wholesale Pricing for WooCommerce (CVE-2025-60192) , Nov 11, 2025
Footnotes Made Easy (CVE-2025-11733) , Nov 11, 2025
CoSchedule (CVE-2025-49913) , Nov 11, 2025