{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11237", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2025-10-02T04:56:22.528Z", "datePublished": "2025-11-11T06:00:04.427Z", "dateUpdated": "2026-04-02T12:39:51.448Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-02T12:39:51.448Z"}, "title": "Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update", "problemTypes": [{"descriptions": [{"description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Make Email Customizer for WooCommerce", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "1.0.6"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options."}], "references": [{"url": "https://wpscan.com/vulnerability/88b46752-051b-4468-9e2b-cc81a9ce1075/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Khaled Alenazi (Nxploited)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-11-12T21:24:53.667628Z", "id": "CVE-2025-11237", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T21:25:16.821Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-11237", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-12T21:24:53.667628Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-12T21:25:11.159Z"}}], "cna": {"title": "Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Khaled Alenazi (Nxploited)"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Make Email Customizer for WooCommerce", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.6"}], "defaultStatus": "unknown"}], "references": [{"url": "https://wpscan.com/vulnerability/88b46752-051b-4468-9e2b-cc81a9ce1075/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-02T12:39:51.448Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11237", "state": "PUBLISHED", "dateUpdated": "2026-04-02T12:39:51.448Z", "dateReserved": "2025-10-02T04:56:22.528Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2025-11-11T06:00:04.427Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options."}], "id": "CVE-2025-11237", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-11-11T06:15:34.690", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/88b46752-051b-4468-9e2b-cc81a9ce1075/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Deferred"}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T10:23:07.267379+00:00", "value": {"mitigation_remediation": ["Restrict the AJAX action so that only administrators can invoke it, either by editing the plugin or using a role\u2011management tool.", "Remove or downgrade the Subscriber role's capability to edit options through a capabilities plugin or custom code.", "Deploy a security plugin that blocks unauthorized AJAX calls or monitors for unauthorized option changes."], "summary": {"action": "Implement Workaround", "impact": "Privilege Escalation via Arbitrary Option Modification"}, "threat_synthesis": {"affected_systems": "The affected product is the Make Email Customizer for WooCommerce plugin installed on WordPress sites. Versions through 1.0.6 are vulnerable. Any site that has installed this plugin and grants normal Subscriber roles to users is at risk, even if the attacker does not have administrative privileges.", "description_and_impact": "The vulnerability resides in the Make Email Customizer for WooCommerce plugin through version 1.0.6, where callback functions handling AJAX requests lack checks that confirm the caller is authorized to perform configuration changes. An authenticated user with the Subscriber role can therefore invoke these endpoints and submit arbitrary option names and values, overriding default WordPress settings. This allows the attacker to alter site behavior, potentially modify URLs, feature flags, or logging settings, which could degrade site integrity or expose further attack vectors.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate impact, with the EPSS score listed as < 1% suggesting a very low probability of exploitation in the wild. The vulnerability is not currently recorded in CISA's KEV catalog. The attack vector requires the attacker to be authenticated; therefore, a legitimate user with Subscriber privileges can send a crafted AJAX request to alter options. Because the plugin permits arbitrary option updates, the attacker could potentially impact configuration settings that influence overall site functionality or security."}}}}, "created": "2025-11-12T12:42:42.789866+00:00", "updated": "2026-04-28T10:30:29.016542+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}