A vulnerability was found in phppoet SysBasics Customize My Account for WooCommerce Plugin up to 4.3.6 on WordPress. It has been declared as problematic . This affects the function wcmamtx_get_avatar_default of the component Shortcode Handler . Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-12136 . The attack can be launched remotely. No exploit exists.