PT-2025-46299 · WordPress · Email Customizer For Woocommerce
Khaled Alenazi · Published 2025-11-11 · Updated 2025-11-12 · CVE-2025-11237
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Make Email Customizer for WooCommerce WordPress plugin versions through 1.0.6
Description
The software does not properly verify user permissions or validate input data in its AJAX operations. This allows any authenticated user, even those with limited privileges like a Subscriber, to modify arbitrary WordPress options. The affected AJAX actions lack sufficient authorization checks and input validation, enabling unauthorized option updates.
Recommendations
Update Make Email Customizer for WooCommerce WordPress plugin to a version beyond 1.0.6.
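For developers auditing similar AJAX handlers, the following added example (not the plugin's code and not taken from this advisory) shows the three checks the description says are missing: a nonce, a capability check, and validation of the option name and value. The action name, option names and every `example_` identifier are hypothetical.

```php
<?php
/**
 * Added example, not the plugin's code. All "example_" names are hypothetical.
 */

// Options this handler may write, each mapped to its sanitizer (constructed list).
const EXAMPLE_ALLOWED_OPTIONS = array(
    'example_email_header_color' => 'sanitize_hex_color',
    'example_email_footer_text'  => 'sanitize_text_field',
    'example_email_logo_id'      => 'absint',
);

// wp_ajax_* hooks fire for any logged-in user, Subscriber included,
// so authorization has to happen inside the handler.
add_action( 'wp_ajax_example_save_option', 'example_save_option' );

function example_save_option() {
    // 1. CSRF: a missing or invalid nonce ends the request with a 403.
    check_ajax_referer( 'example_save_option', 'nonce' );

    // 2. Authorization: only users allowed to manage site options may proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. The option name must come from the allowlist, never straight from the request.
    $name = isset( $_POST['name'] ) ? sanitize_key( wp_unslash( $_POST['name'] ) ) : '';
    if ( ! array_key_exists( $name, EXAMPLE_ALLOWED_OPTIONS ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option' ), 400 );
    }

    // 4. The value must be scalar and pass the sanitizer registered for that option.
    $raw = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    if ( ! is_scalar( $raw ) ) {
        wp_send_json_error( array( 'message' => 'Invalid value' ), 400 );
    }
    $value = call_user_func( EXAMPLE_ALLOWED_OPTIONS[ $name ], (string) $raw );
    if ( null === $value ) { // sanitize_hex_color() returns null for a malformed color
        wp_send_json_error( array( 'message' => 'Invalid value' ), 400 );
    }

    update_option( $name, $value );
    wp_send_json_success( array( 'name' => $name ) );
}
```

When reviewing a plugin, any `wp_ajax_` handler that reaches `update_option()` with a request-supplied option name and no `current_user_can()` check matches the pattern described above.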
Related Identifiers
Affected Products
Email Customizer For Woocommerce