cleantalk
Vulnerabilities and Security Researches

Decorator – WooCommerce Email Customizer, a0dfff23347fb8634c7b2e3eaceab9ec48191dbd

CVE, Research URL

a0dfff23347fb8634c7b2e3eaceab9ec48191dbd

Home page URL

Security reports for Decorator – WooCommerce Email Customizer

Application

Decorator – WooCommerce Email Customizer

Published on
Nov 02, 2023
Research Description
Decorator &#8211; WooCommerce Email Customizer [decorator-woocommerce-email-customizer] < 1.2.8 Decorator - WooCommerce Email Customizer <= 1.2.7 - Cross-Site Request Forgery The Decorator – WooCommerce Email Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing nonce validation on several functions such as ajax_reset(), wt_decorator_button_text(), wt_decorator_set_as_default(), and more. This makes it possible for unauthenticated attackers to modify several settings from the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.2.8.
Status
vulnerable
Previous vulnerability researches
Decorator &#8211; WooCommerce Email Customizer (CVE-2025-67599) , Jan 09, 2026
Decorator &#8211; WooCommerce Email Customizer (CVE-2023-48284) , Jun 07, 2024
Decorator &#8211; WooCommerce Email Customizer (a0dfff23347fb8634c7b2e3eaceab9ec48191dbd) , Jun 07, 2024
New vulnerability
WPBakery Visual Composer WHMCS Elements (CVE-2025-68574) , Jan 11, 2026
WP Coupons and Deals &#8211; WordPress Coupon Plugin (CVE-2025-64241) , Jan 11, 2026
Gutenverse Form (CVE-2025-68511) , Jan 11, 2026
Gutenverse Form (CVE-2025-14984) , Jan 11, 2026
Team Member Showcase Staff List Plugin &#8211; Employee Spotlight (CVE-2025-13403) , Jan 11, 2026