Fast Simon Search, Filters & Merchandising for WooCommerce Plugin Deactivation wcis_save_email authorization

Summaryinfo

A vulnerability, which was classified as problematic, has been found in Fast Simon Search, Filters & Merchandising for WooCommerce Plugin up to 3.0.63 on WordPress. This affects the function wcis_save_email of the component Deactivation Handler. This manipulation causes authorization. This vulnerability appears as CVE-2025-12091. The attack may be initiated remotely. There is no available exploit.

Detailsinfo

A vulnerability was found in Fast Simon Search, Filters & Merchandising for WooCommerce Plugin up to 3.0.63 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function wcis_save_email of the component Deactivation Handler. The manipulation with an unknown input leads to a authorization vulnerability. The CWE definition for the vulnerability is CWE-862. The product does not perform an authorization check when an actor attempts to access a resource or perform an action. As an impact it is known to affect integrity, and availability. The summary by CVE is:

The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcis_save_email' endpoint in all versions up to, and including, 3.0.63. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate the plugin.

The advisory is shared at wordfence.com. This vulnerability is known as CVE-2025-12091. The exploitation appears to be easy. The attack can be launched remotely. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 12/06/2025).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-201517). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• E-Commerce Management Software

Vendor

• Fast Simon

Name

• Search, Filters & Merchandising for WooCommerce Plugin

Version

• 3.0.0
• 3.0.1
• 3.0.2
• 3.0.3
• 3.0.4
• 3.0.5
• 3.0.6
• 3.0.7
• 3.0.8
• 3.0.9
• 3.0.10
• 3.0.11
• 3.0.12
• 3.0.13
• 3.0.14
• 3.0.15
• 3.0.16
• 3.0.17
• 3.0.18
• 3.0.19
• 3.0.20
• 3.0.21
• 3.0.22
• 3.0.23
• 3.0.24
• 3.0.25
• 3.0.26
• 3.0.27
• 3.0.28
• 3.0.29
• 3.0.30
• 3.0.31
• 3.0.32
• 3.0.33
• 3.0.34
• 3.0.35
• 3.0.36
• 3.0.37
• 3.0.38
• 3.0.39
• 3.0.40
• 3.0.41
• 3.0.42
• 3.0.43
• 3.0.44
• 3.0.45
• 3.0.46
• 3.0.47
• 3.0.48
• 3.0.49
• 3.0.50
• 3.0.51
• 3.0.52
• 3.0.53
• 3.0.54
• 3.0.55
• 3.0.56
• 3.0.57
• 3.0.58
• 3.0.59
• 3.0.60
• 3.0.61
• 3.0.62
• 3.0.63

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion