EPROLO Dropshipping <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification Key Vulnerability Information CVE: CVE-2025-12133 CVSS: 4.3 (Medium) Publicly Published: December 4, 2025 Last Updated: December 5, 2025 Researcher: Legion Hunter Software Type: Plugin Software Slug: eprolo-dropshipping Patched?: No Remediation: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement. Affected Version: <= 2.3.1 References wordpress.org Notes This record contains material that is subject to copyright. No known patch is available for this vulnerability.