cleantalk
Vulnerabilities and Security Researches

EmailKit -WooCommerce Email Customizer, CVE-2026-1925

CVE, Research URL

CVE-2026-1925

Home page URL

Security reports for EmailKit -WooCommerce Email Customizer

Application

EmailKit -WooCommerce Email Customizer

Published on
Feb 18, 2026
Research Description
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the title of any post on the site, including posts, pages, and custom post types.
Affected versions
max 1.6.3.
Status
vulnerable
Previous vulnerability researches
Conditional Menus (CVE-2023-2654) , Jun 07, 2024
Conditional Menus (CVE-2026-1032) , Apr 14, 2026
New vulnerability
Spectra – WordPress Gutenberg Blocks (CVE-2026-0950) , Apr 15, 2026
Snow Monkey Forms (CVE-2026-1056) , Apr 15, 2026
Timeline Event History (CVE-2026-1127) , Apr 15, 2026
Beaver Builder – WordPress Page Builder (CVE-2026-1231) , Apr 15, 2026
CubeWP – All-in-One Dynamic Content Framework (CVE-2025-6461) , Apr 15, 2026