WordPress Plugin Vulnerabilities

Pochipp <= 1.18.0 - Missing Authorization

Description

The Pochipp plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.18.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
pochipp
No known fix

References

CVE
CVE-2025-66129
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/031df7ea-b341-40fc-981f-711883f08742

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
NumeX
Verified
No
WPVDB ID
945583d0-d636-4f17-bdfa-cc6fab5eaa6d

Timeline

Publicly Published
2025-12-14 (about 15 days ago)
Added
2025-12-19 (about 9 days ago)
Last Updated
2025-12-19 (about 9 days ago)

Other

Published
Title
Published
2025-01-31
Title
Nirweb support <= 3.0.3 - Missing Authorization
Published
2025-04-04
Title
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution < 4.2.20 - Missing Authorization to Unauthenticated Table Rates Deletion
Published
2025-06-13
Title
Premmerce User Roles <= 1.0.13 - Missing Authorization
Published
2024-05-09
Title
MC Woocommerce Wishlist < 1.7.9 - Missing Authorization
Published
2023-10-12
Title
WP ERP < 1.12.7 - Missing Authorization via admin notice dismissal