CVE-2025-11237
Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update
The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Productos afectados
Unknown · Make Email Customizer for WooCommerce¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →