CVE-2025-11237

Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update

Description

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options.

INFO

Published Date :

2025-11-11T06:00:04.427Z

Last Modified :

2026-04-02T12:39:51.448Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2025-11237 vulnerability.

Vendors	Products
Wordpress	Wordpress

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-11237.

URL	Resource
https://wpscan.com/vulnerability/88b46752-051b-4468-9e2b-cc81a9ce1075/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact