CVE-2025-11237 | HackTesting

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options.

Credits

Khaled Alenazi (Nxploited)

WPScan

References

https://wpscan.com/vulnerability/88b46752-051b-4468-9e2b-cc81a9ce1075/