WebToffee eCommerce Marketing Automation Missing Authorization Vulnerability in Email Customizer Plugin

Vulnerability

A missing authorization vulnerability has been identified in the WebToffee eCommerce Marketing Automation decorator for the WooCommerce Email Customizer. This vulnerability allows exploitation of improperly configured access control security levels. It affects versions of the WebToffee eCommerce Marketing Automation plugin from an unspecified version up to and including 2.1.1.

Impact

Exploitation of this vulnerability could lead to unauthorized access or actions being performed on behalf of a user, due to the broken access control.

Added: Dec 9, 2025, 5:42 PM

Updated: Dec 9, 2025, 11:33 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

7.4

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

7.4

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WebToffee eCommerce Marketing Automation Missing Authorization Vulnerability in Email Customizer Plugin

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating