WordPress · Email Customizer For Woocommerce · CVE-2025-13974
**Name of the Vulnerable Software and Affected Versions**
Email Customizer for WooCommerce, versions up to and including 2.6.7
**Description**
The Email Customizer for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through email template content. Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access to inject arbitrary web scripts into email templates. These scripts will execute when customers view transactional emails. This issue only impacts multi-site installations and installations where `unfiltered_html` has been disabled.
**Recommendations**
Update the Email Customizer for WooCommerce plugin to a version later than 2.6.7.
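
Updating does not clean templates that were saved while a vulnerable version was installed, so the stored template HTML is worth auditing for script-capable markup. The following is an added example, not code from the plugin or from this advisory; how the template HTML is exported from the site is left to the operator, and the sample templates and all names in the code are constructed for illustration.

```python
from html.parser import HTMLParser

# Markup that can run script or load active content when a template is rendered.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "base"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class _Auditor(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            # Entities are already decoded; drop whitespace/control chars browsers ignore.
            url = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append((line, f"event handler {name} on <{tag}>"))
            elif name in URL_ATTRS and url.startswith(BAD_SCHEMES):
                self.findings.append((line, f"{name} uses scheme {url.split(':')[0]}:"))


def audit_template(html):
    """Return (line, reason) pairs for script-capable markup in one template."""
    parser = _Auditor()
    parser.feed(html)
    parser.close()
    return parser.findings


def audit_all(templates):
    """Map template name -> findings, keeping only templates that need review."""
    return {n: h for n, b in templates.items() if (h := audit_template(b))}


# Constructed sample templates (not taken from the plugin or a real site).
SAMPLES = {
    "order_completed": '<h1>Thank you</h1>\n<a href="https://shop.example/orders">View order</a>',
    "new_account": '<p>Welcome</p>\n<img src="https://shop.example/l.png" onerror="alert(1)">\n'
                   '<a href="java&#x09;script:alert(1)">Profile</a>\n<script>alert(1)</script>',
}

if __name__ == "__main__":
    for name, hits in audit_all(SAMPLES).items():
        print(name, hits)
```

Findings are candidates for manual review rather than proof of compromise; a flagged template should be compared against a known-good copy before it is restored or rewritten.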