cleantalk
Vulnerabilities and Security Researches

Mesmerize Companion, CVE-2025-12027

CVE, Research URL

CVE-2025-12027

Home page URL

Security reports for Mesmerize Companion

Application

Mesmerize Companion

Published on
Feb 19, 2026
Research Description
The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. This makes it possible for authenticated attackers - with subscriber level access and above, on websites with the Mesmerize theme activated - to mark arbitrary pages as maintainable, wrap their content in custom sections, change page template metadata, and toggle the default editor flag without proper authorization.
Affected versions
max 1.6.162.
Status
vulnerable
Previous vulnerability researches
Mesmerize Companion (CVE-2025-12027) , Feb 27, 2026
Mesmerize Companion (CVE-2024-3494) , Jun 07, 2024
Mesmerize Companion (CVE-2022-4481) , Jun 07, 2024
New vulnerability
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2026-25019) , Feb 27, 2026
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2025-67993) , Feb 27, 2026
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress (CVE-2026-24965) , Feb 27, 2026
Nelio AB Testing (CVE-2026-25378) , Feb 27, 2026
VK All in One Expansion Unit (CVE-2025-11737) , Feb 27, 2026