CVE-2025-11237

MEDIUM 5.3

Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

3th

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options.

Vendor	unknown
Product	make email customizer for woocommerce
Published	Nov 11, 2025
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for unknown make email customizer for woocommerce

Be the first to know when new medium vulnerabilities affecting unknown make email customizer for woocommerce are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Make Email Customizer for WooCommerce

0 ≤ 1.0.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/88b46752-051b-4468-9e2b-cc81a9ce1075/

Credits

Khaled Alenazi (Nxploited) WPScan