CVE-2025-66528 WordPress Thank You Page Customizer for WooCommerce plugin <= 1.1.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thank You Page Customizer for WooCommerce: from n/a through = 1.1.8...

CVE-2025-66528

CVE-2025-66528 refers to a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin "Thank You Page Customizer for WooCommerce" (woo-thank-you-page-customizer), affecting versions

CVE-2025-66528 WordPress Thank You Page Customizer for WooCommerce plugin <= 1.1.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thank You Page Customizer for WooCommerce: from n/a through = 1.1.8...

WordPress plugin Thank You Page Customizer for WooCommerce 安全漏洞

...

PT-2025-49973

Name of the Vulnerable Software and Affected Versions WebToffee eCommerce Marketing Automation versions through 2.1.1 Description A missing authorization issue exists in the WebToffee eCommerce Marketing Automation plugin's decorator-woocommerce-email-customizer component. This allows exploitatio...

WordPress Thank You Page Customizer for WooCommerce plugin <= 1.1.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Thank You Page Customizer for WooCommerce versions = 1.1.8...

WordPress Make Email Customizer for WooCommerce plugin <= 1.0.6 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Make Email Customizer for WooCommerce versions = 1.0.6...

EUVD-2025-74049

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...

CVE-2025-11237

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...

CVE-2025-11237 Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...

CVE-2025-11237 Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...

CVE-2025-11237

CVE-2025-11237 concerns the WordPress plugin Make Email Customizer for WooCommerce (

PT-2025-46299

Name of the Vulnerable Software and Affected Versions Make Email Customizer for WooCommerce WordPress plugin versions through 1.0.6 Description The software does not properly verify user permissions or validate input data in its AJAX operations. This allows any authenticated user, even those with...

WordPress plugin Make Email Customizer for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Login Page Customizer Customizer Login Page, Admin Page, Custom Design versions = 2.1.1...

CVE-2025-64200

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through = 1.2.17...

CVE-2025-64200 WordPress Email Template Customizer for WooCommerce plugin <= 1.2.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through = 1.2.17...

CVE-2025-64200 WordPress Email Template Customizer for WooCommerce plugin <= 1.2.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through = 1.2.17...

CVE-2025-64200

CVE-2025-64200 affects the WordPress plugin “Email Template Customizer for WooCommerce” (VillaTheme) with versions up to and including 1.2.17. The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. Exploitation details...

PT-2025-44245

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through = 1.2.17...