CVE-2025-11888 – ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution

CVE ID : CVE-2025-11888

Published : Oct. 25, 2025, 6:15 a.m. | 28 minutes ago

Description : The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the post_deactive() function and post_activate() function in all versions up to, and including, 4.8.4. This makes it possible for authenticated attackers, with Editor-level access and above, to activate and deactivate licenses.

Severity: 2.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…