Vulnerabilities and security researches formake-email-customizer-for-woocommerce make-email-customizer-for-woocommerce

Apr 14, 2025

CVE, Research URL: CVE-2025-32511
Home page URL: Security reports for Make Email Customizer for WooCommerce
Application: Make Email Customizer for WooCommerce
Date: Apr 17, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Excellent Dynamics Make Email Customizer for WooCommerce allows Reflected XSS. This issue affects Make Email Customizer for WooCommerce: from n/a through 1.0.5.
Affected versions: max 1.0.6.
Status: vulnerable

Dec 11, 2025

CVE, Research URL: CVE-2025-11237
Home page URL: Security reports for Make Email Customizer for WooCommerce
Application: Make Email Customizer for WooCommerce
Date: Nov 11, 2025
Research Description: The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options.
Affected versions: max 1.0.6.
Status: vulnerable