CVE-2025-6730

by Fred · 29/07/2025

The Bonanza – WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the xlo_optin_call() function in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to set the opt in status to success.

More information : https://plugins.trac.wordpress.org/browser/bonanza-woocommerce-free-gifts-lite/trunk/xl/includes/class-xl-opt-in-manager.php#L244

CVE-2025-6730

Similar

Recent Posts

Categories

CVE-2025-6730

Share this:

Similar

Recent Posts

Categories

Tags