Broken Access Control in VillaTheme Thank You Page Customizer for WooCommerce
CVE-2025-30993

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Thank You Page Customizer For WooCommerce – Increase Your Sales
Vendor: CVE Published:; 14 August 2025

What is CVE-2025-30993?

A vulnerability exists in the VillaTheme Thank You Page Customizer for WooCommerce that allows attackers to exploit incorrectly configured access control settings. This can lead to unauthorized access to sensitive functionalities of the plugin, potentially jeopardizing user data and website integrity. Users of versions 1.1.7 and earlier are particularly at risk and are urged to implement security measures to fortify their applications.

Affected Version(s)

Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.7

References

https://patchstack.com/database/wordpress/plugin/woo-than...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

ch4r0n (Patchstack Alliance)