Vulnerabilities and security researches foremailkit emailkit

Apr 15, 2026

CVE, Research URL: CVE-2026-1925
Home page URL: Security reports for EmailKit -WooCommerce Email Customizer
Application: EmailKit -WooCommerce Email Customizer
Date: Feb 18, 2026
Research Description: The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the title of any post on the site, including posts, pages, and custom post types.
Affected versions: max 1.6.3.
Status: vulnerable

Apr 14, 2026

CVE, Research URL: CVE-2026-3474
Home page URL: Security reports for EmailKit -WooCommerce Email Customizer
Application: EmailKit -WooCommerce Email Customizer
Date: Mar 21, 2026
Research Description: The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 1.6.3. This is due to the action() function in the TemplateData class passing user-supplied input from the 'emailkit-editor-template' REST API parameter directly to file_get_contents() without any path validation, sanitization, or restriction to an allowed directory. This makes it possible for authenticated attackers, with Administrator-level access, to read arbitrary files on the server (such as /etc/passwd or wp-config.php) by supplying a traversal path. The file contents are stored as post meta and can subsequently be retrieved via the fetch-data REST API endpoint. Notably, the CheckForm class in the same plugin implements proper path validation using realpath() and directory restriction, demonstrating that the developer was aware of the risk but failed to apply the same protections to the TemplateData endpoint.
Affected versions: max 1.6.4.
Status: vulnerable

Jan 27, 2026

CVE, Research URL: CVE-2025-14059
Home page URL: Security reports for EmailKit -WooCommerce Email Customizer
Application: EmailKit -WooCommerce Email Customizer
Date: Jan 07, 2026
Research Description: The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to missing path validation in the create_template REST API endpoint where user-controlled input from the emailkit-editor-template parameter is passed directly to file_get_contents() without sanitization. This makes it possible for authenticated attackers with Author-level permissions or higher to read arbitrary files on the server, including sensitive configuration files like /etc/passwd and wp-config.php, via the REST API. The file contents are stored in post meta and can be exfiltrated through MetForm's email confirmation feature.
Affected versions: max 1.6.2.
Status: vulnerable

Oct 11, 2025

CVE, Research URL: CVE-2025-60106
Home page URL: Security reports for EmailKit -WooCommerce Email Customizer
Application: EmailKit -WooCommerce Email Customizer
Date: Sep 26, 2025
Research Description: Missing Authorization vulnerability in Roxnor EmailKit emailkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmailKit: from n/a through <= 1.6.0.
Affected versions: max 1.6.0.
Status: vulnerable