5.3

Mega Store Woocommerce theme allows unauthorized site changes

CVE-2025-14357
Summary

The Mega Store Woocommerce theme has a security flaw that lets authenticated users with low-privilege accounts (Subscriber-level and above) create arbitrary pages and modify site settings. This is a concern because attackers holding such an account could exploit it to make unwanted changes to your website. To protect your site, update the theme to the latest version or consider using a more secure alternative.

Original title
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup_widgets() function in core/includes/importer/whizzie...
Original description
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup_widgets() function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary pages and modify site settings.
NVD CVSS 3.1: 5.3
Vulnerability type
CWE-862 Missing Authorization
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026
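
The shape of a fix for a missing capability check of this kind, as an added example (not the theme's code and not taken from the advisory). It assumes the function is reachable by any logged-in user through an admin-ajax action, which the page does not state; the action, nonce and function names are hypothetical, and the snippet is meant to be loaded inside WordPress.

```php
<?php
// Added illustration, not the theme's code. The action name, nonce name and
// function name below are hypothetical.

// wp_ajax_{action} fires for every logged-in user, Subscribers included,
// so registering the hook is not an authorization check by itself.
add_action( 'wp_ajax_example_setup_widgets', 'example_setup_widgets' );

function example_setup_widgets() {
    // 1. CSRF: reject requests that lack a valid nonce for this action
    //    (check_ajax_referer() terminates the request on failure).
    check_ajax_referer( 'example_setup_widgets', 'nonce' );

    // 2. Authorization, the step CWE-862 describes as missing: creating
    //    pages and changing site settings require matching capabilities.
    if ( ! current_user_can( 'edit_theme_options' ) || ! current_user_can( 'publish_pages' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Only now perform the state-changing work.
    $page_id = wp_insert_post(
        array(
            'post_type'   => 'page',
            'post_title'  => 'Home',
            'post_status' => 'publish',
        ),
        true // return a WP_Error instead of 0 on failure
    );
    if ( is_wp_error( $page_id ) ) {
        wp_send_json_error( array( 'message' => $page_id->get_error_message() ), 500 );
    }

    update_option( 'show_on_front', 'page' );
    update_option( 'page_on_front', $page_id );

    wp_send_json_success( array( 'page_id' => $page_id ) );
}
```

When reviewing a theme for the same class of bug, look for handlers that call `wp_insert_post()` or `update_option()` without a preceding `current_user_can()` check.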