46 matches found
CVE-2026-1925
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'updatetemplatedata' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with...
CVE-2026-1925
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'updatetemplatedata' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with...
CVE-2026-1925 EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'updatetemplatedata' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with...
CVE-2026-1925 EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'updatetemplatedata' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with...
CVE-2026-1925
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on update_template_data in all versions up to 1.6.2. Authenticated attackers with Subscriber-level access and above can modify the title of a...
CVE-2026-1925
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'updatetemplatedata' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with...
PT-2026-20291
Name of the Vulnerable Software and Affected Versions EmailKit – Email Customizer for WooCommerce & WP versions prior to 1.6.3 Description The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress has a flaw that allows unauthorized data modification. This is due to a missing...
WordPress plugin EmailKit – Email Customizer for WooCommerce & WP 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
WordPress EmailKit plugin <= 1.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin EmailKit versions = 1.6.2...
CVE-2025-14059
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to missing path validation in the createtemplate REST API endpoint where user-controlled input from the emailkit-editor-template parameter is passed...
CVE-2025-14059
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to missing path validation in the createtemplate REST API endpoint where user-controlled input from the emailkit-editor-template parameter is passed...
WordPress EmailKit plugin <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path Traversal vulnerability
Authenticated Author+ Arbitrary File Read via Path Traversal vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin EmailKit versions = 1.6.1...
CVE-2025-14059 EmailKit <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path Traversal
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to missing path validation in the createtemplate REST API endpoint where user-controlled input from the emailkit-editor-template parameter is passed...
CVE-2025-14059 EmailKit <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path Traversal
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to missing path validation in the createtemplate REST API endpoint where user-controlled input from the emailkit-editor-template parameter is passed...
CVE-2025-14059
CVE-2025-14059 : EmailKit – Email Customizer for WooCommerce & WP suffers Arbitrary File Read via Path Traversal in create_template REST endpoint. Authenticated attackers with Author+ permissions can craft input through the emailkit-editor-template parameter, whose value is passed to file_get_con...
WordPress plugin EmailKit 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2026-1553
Name of the Vulnerable Software and Affected Versions EmailKit versions up to and including 1.6.1 Description The EmailKit plugin for WordPress is susceptible to Arbitrary File Read due to a Path Traversal issue. This occurs because of a lack of path validation in the create template REST API...
EUVD-2025-31294
Malicious code in bioql PyPI...
CVE-2025-60106
Missing Authorization vulnerability in Roxnor EmailKit emailkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmailKit: from n/a through = 1.6.0...
WordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion Vulnerability
Arbitrary Content Deletion Vulnerability discovered by Denver Jackson in WordPress Plugin EmailKit versions = 1.6.0...