Vulnerabilities and security researches fordecorator-woocommerce-email-customizer decorator-woocommerce-email-customizer
Direction: ascendingJun 07, 2024
Decorator – WooCommerce Email Customizer # CVE-2023-48284
- CVE, Research URL
- Application
- Date
- Nov 30, 2023
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7.
- Affected versions
-
max 1.2.8.
- Status
-
vulnerable
Decorator – WooCommerce Email Customizer # a0dfff23347fb8634c7b2e3eaceab9ec48191dbd
- CVE, Research URL
- Application
- Date
- Nov 02, 2023
- Research Description
- Decorator – WooCommerce Email Customizer [decorator-woocommerce-email-customizer] < 1.2.8 Decorator - WooCommerce Email Customizer <= 1.2.7 - Cross-Site Request Forgery The Decorator – WooCommerce Email Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing nonce validation on several functions such as ajax_reset(), wt_decorator_button_text(), wt_decorator_set_as_default(), and more. This makes it possible for unauthenticated attackers to modify several settings from the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
-
max 1.2.8.
- Status
-
vulnerable
Jan 09, 2026
Decorator – WooCommerce Email Customizer # CVE-2025-67599
- CVE, Research URL
- Application
- Date
- Dec 09, 2025
- Research Description
- Missing Authorization vulnerability in WebToffee WebToffee eCommerce Marketing Automation decorator-woocommerce-email-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebToffee eCommerce Marketing Automation: from n/a through <= 2.1.1.
- Affected versions
-
max 2.1.1.
- Status
-
vulnerable