CVE-2025-60243 | Vulnerability Database

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-60243
CWE	https://cwe.mitre.org/data/definitions/266.html

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-60243

CWE

https://cwe.mitre.org/data/definitions/266.html

Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation.This issue affects Selling Commander for WooCommerce: from n/a through <= 1.2.46.

Weakness

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Potential Mitigations

References

https://vdp.patchstack.com/database/Wordpress/Plugin/selling-commander-connector/vulnerability/wordpress-selling-commander-for-woocommerce-plugin-1-2-46-privilege-escalation-vulnerability