CVE-2025-12027

Name of the Vulnerable Software and Affected Versions Mesmerize Companion versions up to and including 1.6.158

Description The Mesmerize Companion plugin for WordPress is susceptible to unauthorized access and modification of data. This is due to a missing capability check within the openPageInCustomizer and openPageInDefaultEditor functions. Authenticated attackers with subscriber-level access or higher, on websites utilizing the Mesmerize theme, can exploit this to perform actions such as marking pages as maintainable, altering page template metadata, and modifying the default editor flag without appropriate authorization.

Recommendations Update Mesmerize Companion to a version newer than 1.6.158.