CVE-2025-14365
📋 TL;DR
This vulnerability in the Eyewear prescription form WordPress plugin allows unauthenticated attackers to delete arbitrary WooCommerce product categories, including all child categories, via the 'catIds' parameter. All WordPress sites using this plugin up to version 6.0.1 are affected. The issue stems from missing authorization checks on the RemoveItems AJAX action.
💻 Affected Systems
- Eyewear prescription form WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete deletion of all WooCommerce product categories, disrupting e-commerce functionality and requiring full category restoration from backups.
Likely Case
Targeted deletion of specific product categories, causing temporary disruption to product organization and sales.
If Mitigated
No impact if proper authorization controls are implemented or plugin is updated/disabled.
🎯 Exploit Status
Simple HTTP request to the vulnerable AJAX endpoint with catIds parameter. No special tools or skills required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.0.2 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/eyewear-prescription-form/tags/6.0.2/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Eyewear prescription form' plugin. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and remove plugin.
🔧 Temporary Workarounds
Disable plugin
allDeactivate the vulnerable plugin to prevent exploitation
wp plugin deactivate eyewear-prescription-form
Block AJAX endpoint
linuxBlock access to the vulnerable AJAX endpoint via web server configuration
# Apache: RewriteRule ^wp-admin/admin-ajax\.php.*RemoveItems - [F]
# Nginx: location ~* RemoveItems { deny all; }
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block requests containing 'RemoveItems' action
- Restrict access to wp-admin/admin-ajax.php to authenticated users only
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Eyewear prescription form' version 6.0.1 or earlierCheck Version:
wp plugin get eyewear-prescription-form --field=versionVerify Fix Applied:
Verify plugin version is 6.0.2 or later, or plugin is deactivated/removed📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with 'action=RemoveItems' parameter
- Unusual category deletion events in WooCommerce logs
Network Indicators:
- POST requests to admin-ajax.php with catIds parameter from unauthenticated sources
SIEM Query:
source="web_access_logs" AND uri="/wp-admin/admin-ajax.php" AND post_data="*action=RemoveItems*" AND NOT user_agent="*WordPress*"🔗 References
- https://plugins.trac.wordpress.org/browser/eyewear-prescription-form/tags/6.0.1/admin/class-eyewear_prescription_form-admin.php#L326
- https://plugins.trac.wordpress.org/browser/eyewear-prescription-form/tags/6.0.1/admin/class-eyewear_prescription_form-admin.php#L74
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b85fc103-20e5-4599-8ed5-5bd5d9c447ee?source=cve
