A vulnerability was found in phppoet SysBasics Customize My Account for WooCommerce Plugin up to 4.3.6 on WordPress. It has been rated as problematic . This impacts the function plugin_options_page of the component Admin Dashboard Page . Performing a manipulation of the argument tab results in cross site scripting. This vulnerability was named CVE-2026-12137 . The attack may be initiated remotely. There is no available exploit.