CVE-2025-2266P2CRITICALCVSS 9.8≥ 8.6.5, ≤ 8.7.52025-03-29
CVE-2025-2266 [CRITICAL] CWE-862 CVE-2025-2266: The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modifi
The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress si
nvd