cleantalk
Vulnerabilities and Security Researches

Ni WooCommerce Customer Product Report, CVE-2025-7827

CVE, Research URL

CVE-2025-7827

Home page URL

Security reports for Ni WooCommerce Customer Product Report

Application

Ni WooCommerce Customer Product Report

Published on
Aug 23, 2025
Research Description
The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ni_woocpr_action() function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings.
Affected versions
Min -, max 1.2.4.
Status
vulnerable
Previous vulnerability researches
Snow Storm (b9155ea27a956bb6aecadd924fc7ba8cfeaf37c3) , Mar 22, 2025
Snow Storm (CVE-2025-30858) , Apr 05, 2025
New vulnerability
Ultimate twitter profile widget (CVE-2025-48321) , Aug 27, 2025
Lazy Load for Videos (CVE-2025-7732) , Aug 27, 2025
PPWP – Password Protect Pages (CVE-2025-5998) , Aug 27, 2025
Ebook Store (CVE-2025-8113) , Aug 27, 2025
Custom Comment (CVE-2025-48365) , Aug 27, 2025