CVE-2025-11237

CVE-2025-11237: Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update

Vendor Unknown
Product Make Email Customizer for WooCommerce
Published November 11, 2025
Last update April 2, 2026

CVSS base score

What the vulnerability does

01Description

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options.

Key dates

02Disclosure timeline

November 11, 2025 CVE published
April 2, 2026 Record updated