PT-2026-1612 · WordPress+1 · Email Customizer For Woocommerce+1

Andrii Kaspir

Publicado

2026-01-07

Atualizado

2026-01-07

CVE-2025-13974

CVSS v3.1

4.4

Média

Vetor

AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions The Email Customizer for WooCommerce versions up to and including 2.6.7

Description The Email Customizer for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through email template content. Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access to inject arbitrary web scripts into email templates. These scripts will execute when customers view transactional emails. This issue only impacts multi-site installations and those where unfiltered html has been disabled.

Recommendations Update The Email Customizer for WooCommerce plugin to a version later than 2.6.7.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2025-13974

Produtos afetados

Email Customizer For Woocommerce

Woocommerce

PT-2026-1612 · WordPress+1 · Email Customizer For Woocommerce+1

CVE-2025-13974

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6