cleantalk
Vulnerabilities and Security Researches

EPROLO Dropshipping, CVE-2025-12133

CVE, Research URL

CVE-2025-12133

Home page URL

Security reports for EPROLO Dropshipping

Application

EPROLO Dropshipping

Published on
Dec 05, 2025
Research Description
The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_eprolo_delete_tracking and wp_ajax_eprolo_save_tracking_data AJAX endpoints in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify and delete tracking data.
Affected versions
max 2.3.1.
Status
vulnerable
Previous vulnerability researches
EPROLO Dropshipping (CVE-2024-33573) , Jun 07, 2024
EPROLO Dropshipping (CVE-2025-12133) , Dec 11, 2025
New vulnerability
SKT Skill Bar (CVE-2025-66090) , Dec 11, 2025
Trail Manager (CVE-2025-13682) , Dec 11, 2025
Course Booking System (CVE-2025-12042) , Dec 11, 2025
Chamber Dashboard Business Directory (CVE-2025-13414) , Dec 11, 2025
Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder (CVE-2025-11560) , Dec 11, 2025