Vulnerability Database

317,828

Total vulnerabilities in the database

CVE-2025-14173

The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admin_init. This makes it possible for unauthenticated attackers to delete arbitrary plugin settings via the action parameter.

Published: Jan 14, 2026
Updated: Jan 15, 2026
CVE: CVE-2025-14173
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-862

Affected Software
References

No affected software listed.

https://plugins.trac.wordpress.org/browser/perfit-woocommerce/tags/1.0.1/includes/class-wcp-settings-tab.php#L102
https://plugins.trac.wordpress.org/browser/perfit-woocommerce/trunk/includes/class-wcp-settings-tab.php#L102
https://www.wordfence.com/threat-intel/vulnerabilities/id/cb141b46-2585-4b58-8d91-0cdb275348a1?source=cve

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo