Swatchly – Woocommerce Variation Swatches For Products (Product Attributes

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:hasthemes:swatchly_–_woocommerce_variation_swatches_for_products_(product_attributes:_image_swatch,_color_swatches,_label_swatches):*:*:*:*:*:*:*:*

part: a version: _image_swatch,_color_swatches,_label_swatches) update: *

VendorHasthemes (d368bab3-bc4f-5819-9d32-f6fb06c04453)
ProductSwatchly – Woocommerce Variation Swatches For Products (Product Attributes (5e5deebf-7fb0-5c11-a110-eb77c377c535)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-2719 vulnerable 2026-06-03 15:00:26.339534 Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2.8 - 1.4.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
MEDIUM (6.5)
The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions 1.2.8 to 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration.
Published: 2025-04-10T07:02:39.962Z
Updated: 2025-04-10T13:36:01.911Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.