CVE-2025-4597

by Fred · 30/05/2025

The Woo Slider Pro – Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woo_slide_pro_delete_draft_preview AJAX action in all versions up to, and including, 1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.

Assigner : cve-request@wordfence.com

More information : https://plugins.trac.wordpress.org/browser/woo-slider-pro-drag-drop-slider-builder-for-woocommerce/trunk/inc/actions.php#L111

CVE-2025-4597

Similar

Recent Posts

Categories

CVE-2025-4597

Share this:

Similar

Recent Posts

Categories

Tags