WordPress Plugin Vulnerabilities

StoreCustomizer – A plugin to Customize all WooCommerce Pages < 2.6.5 - Missing Authorization

Description

The StoreCustomizer – A plugin to Customize all WooCommerce Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Fixed in 2.6.5

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
PPzzAArr
Verified
No

Timeline

Publicly Published
2026-03-16 (about 3 months ago)
Added
2026-03-19 (about 3 months ago)
Last Updated
2026-04-15 (about 2 months ago)

Other