Thank You Page Customizer for WooCommerce – Increase Your Sales < 1.1.8 – Missing Authorization | CVE 2025-30993 | Plugin Vulnerabilities

Description

The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

woo-thank-you-page-customizer

Fixed in 1.1.8

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/6c369971-1ae2-4e26-80cc-cf25d25a310e

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

ch4r0n

Verified

No

WPVDB ID

3494c607-65f5-413d-a4b4-5ae7f50ef746

Timeline

Publicly Published

2025-08-11 (about 10 months ago)

Added

2025-08-18 (about 10 months ago)

Last Updated

2025-09-15 (about 9 months ago)

Other

Published

Title

Published

2025-10-08

Title

Open Close WooCommerce Store <= 4.9.8 - Missing Authorization

Published

2024-05-16

Title

Builder for WooCommerce reviews shortcodes – ReviewShort < 1.01.6 - Missing Authorization

Published

2024-08-16

Title

Order Tracking < 3.3.13 - Missing Authorization via send_test_email()

Published

2025-12-12

Title

Gallery Blocks with Lightbox < 3.3.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification

Published

2025-11-03

Title

Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass