CVE-2025-32511 WordPress Make Email Customizer for WooCommerce plugin <= 1.0.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Excellent Dynamics Make Email Customizer for WooCommerce make-email-customizer-for-woocommerce allows Reflected XSS.This issue affects Make Email Customizer for WooCommerce: from n/a through = 1.0....

PT-2025-17089 · Woocommerce · Email Customizer For Woocommerce

Name of the Vulnerable Software and Affected Versions: Make Email Customizer for WooCommerce versions 1.0.0 through 1.0.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables...

WordPress plugin Make Email Customizer for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2024-13747 WooMail - WooCommerce Email Customizer <= 3.0.34 - Authenticated (Subscriber+) Missing Authorization to SQL Injection

The WooMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'templatedeletesaved' function in all versions up to, and including, 3.0.34. This makes it possible for authenticated attackers, with Subscriber-leve...

CVE-2024-13747 WooMail - WooCommerce Email Customizer <= 3.0.34 - Authenticated (Subscriber+) Missing Authorization to SQL Injection

The WooMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'templatedeletesaved' function in all versions up to, and including, 3.0.34. This makes it possible for authenticated attackers, with Subscriber-leve...

CVE-2024-52424

Cross-Site Request Forgery CSRF vulnerability in sureshdsk wp-login customizer wp-login-customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through = 1.0...

CVE-2024-32781

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0...

WordPress GoHero Store Customizer for WooCommerce plugin <= 3.5 - Missing Authorization to Unuthenticated Settings Update vulnerability

Missing Authorization to Unuthenticated Settings Update vulnerability discovered by incognito in WordPress Plugin Download Personalized WooCommerce Cart Page versions = 3.5...

CVE-2024-12826

The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woohactionsettingssavefrontend function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to...

CVE-2024-12826

The CVE-2024-12826 flaw affects the GoHero Store Customizer for WooCommerce (WordPress). It stems from a missing capability check in the wooh_action_settings_save_frontend() function in all versions up to and including 3.5, enabling unauthenticated attackers to modify limited plugin settings. Imp...

CVE-2024-12826 GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unuthenticated Settings Update

The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woohactionsettingssavefrontend function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to...

CVE-2024-12826 GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unuthenticated Settings Update

The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woohactionsettingssavefrontend function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to...

PT-2025-1962 · WordPress · Gohero Store Customizer For Woocommerce

Name of the Vulnerable Software and Affected Versions: GoHero Store Customizer for WooCommerce plugin for WordPress versions up to, and including, 3.5 Description: The issue allows unauthorized modification of data due to a missing capability check on the wooh action settings save frontend...

WordPress plugin GoHero Store Customizer for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-22802 WordPress Email Templates Customizer YeeMail plugin <= 2.1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in add-ons.org Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail allows Stored XSS.This issue affects Email Templates Customizer for WordPress – Drag And Drop...

WordPress Email Templates Customizer YeeMail plugin <= 2.1.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail versions = 2.1.4...

CVE-2024-52424

Cross-Site Request Forgery CSRF vulnerability in sureshdsk wp-login customizer wp-login-customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through = 1.0...

CVE-2024-52424

Cross-Site Request Forgery CSRF vulnerability in Suresh Kumar wp-login customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through 1.0...

CVE-2024-52424

CVE-2024-52424 — A CSRF allows Stored XSS in the WordPress plugin wp-login-customizer (versions

PT-2024-35264 · Unknown · Suresh Kumar Wp-Login Customizer

Name of the Vulnerable Software and Affected Versions: Suresh Kumar wp-login customizer versions 1.0 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the Suresh Kumar wp-login customizer. Recommendations: For Suresh Kumar wp-login...