All 3 CVE vulnerabilities found in EmailKit – Email Customizer for WooCommerce & WP, with AI-generated Chinese analysis, references, and POCs.
Vendor: roxnor
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3474 | EmailKit <= 1.6.3 - Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API Parameter CWE-22 | 4.9 | Medium | 2026-03-20 |
| CVE-2026-1925 | EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification CWE-862 | 4.3 | Medium | 2026-02-18 |
| CVE-2025-14059 | EmailKit <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path Traversal CWE-73 | 6.5 | Medium | 2026-01-07 |
All 3 known CVE vulnerabilities affecting EmailKit – Email Customizer for WooCommerce & WP with full Chinese analysis, references, and POCs where available.