WordPress Plugin Vulnerabilities

Standard Box Sizes – for WooCommerce < 1.6.14 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
standard-box-sizes
Fixed in 1.6.14

References

CVE
CVE-2025-22318
URL
https://patchstack.com/database/wordpress/plugin/standard-box-sizes/vulnerability/wordpress-standard-box-sizes-plugin-1-6-12-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
feda97c8-5786-4527-86a9-86f3f3b1240d

Timeline

Publicly Published
2025-01-03 (about 1 year ago)
Added
2025-01-08 (about 1 year ago)
Last Updated
2025-01-16 (about 1 year ago)

Other

Published
Title
Published
2025-12-12
Title
HAPPY – Helpdesk Support Ticket System < 1.0.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply
Published
2025-07-30
Title
WpEvently < 4.4.7 - Missing Authorization
Published
2025-05-07
Title
Blocksy < 2.0.98 - Missing Authorization
Published
2024-05-22
Title
Brizy – Page Builder < 2.4.44 - Missing Authorization
Published
2025-10-08
Title
Salient Core < 3.0.9 - Missing Authorization