How severe is CVE-2025-2719?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2025-2719?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2025-2719 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions 1.2.8 to 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration.

Related Vulnerabilities

CVE-2013-3703

MEDIUM

CVSS:6.5(Medium)

The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project met...

CWE-8622013

CVE-2013-4226

MEDIUM

CVSS:6.5(Medium)

The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination...

CWE-8622013

CVE-2017-15680

MEDIUM

CVSS:6.5(Medium)

In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.

CWE-8622017

CVE-2017-6564

MEDIUM

CVSS:6.5(Medium)

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This a...

CWE-8622017

CVE-2017-6923

MEDIUM

CVSS:6.5(Medium)

In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoi...

CWE-8622017

CVE-2018-11785

MEDIUM

CVSS:6.5(Medium)

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query.

CWE-8622018