CVE-2025-11237

Publication date

2025-11-11 06:00:04

Family

WPScan

State

PUBLISHED

Description

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options.