cleantalk
Vulnerabilities and Security Researches

EmailKit -WooCommerce Email Customizer, CVE-2026-1925

CVE, Research URL

CVE-2026-1925

Home page URL

Security reports for EmailKit -WooCommerce Email Customizer

Application

EmailKit -WooCommerce Email Customizer

Published on
Feb 18, 2026
Research Description
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the title of any post on the site, including posts, pages, and custom post types.
Affected versions
max 1.6.3.
Status
vulnerable
Previous vulnerability researches
LeadConnector (CVE-2026-25441) , Feb 27, 2026
LeadConnector (CVE-2025-30893) , Apr 02, 2025
LeadConnector (CVE-2024-1371) , Jun 06, 2024
LeadConnector (CVE-2024-34378) , Jun 06, 2024
LeadConnector (CVE-2026-1890) , Apr 14, 2026
New vulnerability
CubeWP – All-in-One Dynamic Content Framework (CVE-2025-6461) , Apr 15, 2026
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF (CVE-2026-1246) , Apr 15, 2026
NextScripts: Social Networks Auto-Poster (CVE-2026-3228) , Apr 15, 2026
Code Snippets (CVE-2026-1785) , Apr 15, 2026
WP Data Access (CVE-2026-0557) , Apr 15, 2026