Security Advisory

CVE-2025-11237

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-11 06:00:04

Last updated 2026-04-02 12:39:51

Assigner WPScan

State PUBLISHED

Description

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options.

← Browse all CVEs View on cve.org ↗