CVE-2026-12137 - SysBasics Customize My Account for WooCommerce
CVE ID : CVE-2026-12137
Published : June 18, 2026, 6:50 a.m. | 52 minutes ago
Description : The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for Wor...
The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers …
