CVE-2026-1925 - EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - missing authorization...

CVE ID : CVE-2026-1925 Published : Feb. 18, 2026, 5:16 a.m. | 29 minutes ago Description : The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the title of any post on the site, including posts, pages, and custom post types. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...