PT-2026-26719 · WordPress · EmailKit – Email Customizer for WooCommerce & WP

Chiao-Lin Yu · Published 2026-03-20 · Updated 2026-03-21 · CVE-2026-3474

CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the vulnerable software and affected versions: EmailKit – Email Customizer for WooCommerce & WP, versions prior to 1.6.4
Description: The EmailKit plugin for WordPress is susceptible to unauthorized file access through a path traversal flaw. The action() function within the TemplateData class passes user-provided input from the 'emailkit-editor-template' REST API parameter directly to file_get_contents(), with no path validation, sanitization, or directory restriction. Authenticated attackers with Administrator privileges can exploit this to read arbitrary files on the server, such as /etc/passwd or wp-config.php, by supplying a crafted traversal path. The retrieved file contents are then stored as post meta and can be accessed through the fetch-data API endpoint.
Recommendations: Update EmailKit – Email Customizer for WooCommerce & WP to version 1.6.4 or later.
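The description names the three missing controls: path validation, sanitization, and a directory restriction. The PHP below is an added illustration of what those controls look like together in a template loader that wraps file_get_contents(); it is not the plugin's code and does not reproduce the vulnerable function. The helper name, the template directory, and the .json template file are assumptions chosen for the demo, which builds its own throwaway directory under the system temp folder.

```php
<?php
declare(strict_types=1);

/**
 * Return the contents of a template file confined to $base_dir, or null when the
 * request names anything outside it. Hypothetical helper, not the plugin's API.
 *
 * Three controls, matching the ones the advisory says were absent:
 *   1. sanitization: only a bare file name is accepted (no separators, no NUL);
 *   2. validation: realpath() resolves '..' and symlinks, and fails on missing files;
 *   3. directory restriction: the resolved path must start with the base directory.
 */
function load_confined_template(string $base_dir, string $requested): ?string
{
    // 1. Reject anything that is not a plain file name.
    if ($requested === '' || $requested === '.' || $requested === '..'
        || preg_match('/[\/\\\\\x00]/', $requested) === 1) {
        return null;
    }

    $base = realpath($base_dir);
    if ($base === false) {
        return null;
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // 2. Canonicalize the candidate; a path that escapes the base, or does not
    //    exist, comes back either false or outside the prefix.
    $resolved = realpath($base . $requested);
    if ($resolved === false || !is_file($resolved)) {
        return null;
    }

    // 3. Enforce the directory restriction on the canonical path.
    if (strncmp($resolved, $base, strlen($base)) !== 0) {
        return null;
    }

    $contents = file_get_contents($resolved);
    return $contents === false ? null : $contents;
}

// Demo: a constructed template directory with one legitimate template.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'template-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'order-confirmation.json', '{"subject":"Your order"}');

$cases = [
    'order-confirmation.json',        // legitimate name: served
    '../../../../etc/passwd',         // traversal: rejected by the separator check
    'order-confirmation.json/../x',   // traversal behind a real prefix: rejected
    "order-confirmation.json\0.txt",  // NUL byte: rejected
    'missing.json',                   // nonexistent template: rejected
];
foreach ($cases as $name) {
    $result = load_confined_template($dir, $name);
    printf("%-34s => %s\n", addcslashes($name, "\0"),
        $result === null ? 'rejected' : 'served ' . strlen($result) . ' bytes');
}

unlink($dir . DIRECTORY_SEPARATOR . 'order-confirmation.json');
rmdir($dir);
```

Run it with `php` from the command line; only the first case is served. Inside a WordPress REST callback the same helper would sit behind the route's permission_callback, so that the Administrator-only precondition the advisory describes is kept while the file read itself can no longer leave the template directory.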

Fix

Path traversal


Weakness Enumeration

Related Identifiers: CVE-2026-3474

Affected Products: EmailKit – Email Customizer for WooCommerce & WP