cleantalk
Vulnerabilities and Security Researches

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution, CVE-2025-10173

CVE, Research URL

CVE-2025-10173

Home page URL

Security reports for ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution

Application

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution

Published on
Sep 26, 2025
Research Description
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the post_save() function in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Editor-level access and above, to update the plugin's settings.
Affected versions
max 4.8.4.
Status
vulnerable
Previous vulnerability researches
ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution (CVE-2025-10173) , Oct 11, 2025
ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution (CVE-2022-45371) , Jun 06, 2024
ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution (CVE-2025-11888) , Nov 10, 2025
New vulnerability
Kognetiks Chatbot for WordPress (CVE-2025-11256) , Nov 10, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-12469) , Nov 10, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-12468) , Nov 10, 2025
Product Filter by WBW (CVE-2025-11269) , Nov 10, 2025
Product Filter by WBW (CVE-2025-8416) , Nov 10, 2025