Lucene search
+L

267 matches found

NVD
NVD
added 2026/02/19 9:18 p.m.8 views

CVE-2026-27327

Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...

4.3CVSS0.002EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:35 p.m.15 views

CVE-2026-27327

The CVE-2026-27327 entry concerns the WordPress YayMail – WooCommerce Email Customizer plugin (YayMail) version <= 4.3.2, where a Missing Authorization/ Broken Access Control vulnerability exists due to incorrectly configured access control security levels. Affected component is the YayMail pl...

4.3CVSS5.9AI score0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:35 p.m.2 views

CVE-2026-27327 WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...

4.3CVSS5.1AI score0.002EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 8:35 p.m.27 views

CVE-2026-27327 WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...

4.3CVSS0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/19 7:28 a.m.6 views

CVE-2026-1938

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...

5.3CVSS5.5AI score0.00307EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.11 views

PT-2026-20929

Missing Authorization vulnerability in YayCommerce YayMail – WooCommerce Email Customizer yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail – WooCommerce Email Customizer: from n/a through = 4.3.2...

5.5AI score0.002EPSS
Exploits0References2
NVD
NVD
added 2026/02/18 8:16 a.m.7 views

CVE-2026-1938

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...

5.3CVSS0.00307EPSS
Exploits0References4
CVE
CVE
added 2026/02/18 7:25 a.m.25 views

CVE-2026-1831

CVE-2026-1831 (YayMail) is a WordPress plugin vulnerability affecting YayMail – WooCommerce Email Customizer. Wordfence reports missing capability checks on the AJAX action yaymail_install_yaysmtp and the REST endpoint /yaymail/v1/addons/activate, enabling authenticated attackers with Shop Manage...

2.7CVSS5.5AI score0.00293EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/18 7:25 a.m.32 views

CVE-2026-1938 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...

5.3CVSS0.00307EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-6250

Name of the Vulnerable Software and Affected Versions Atarim versions through 4.3.1 Description An authorization issue exists in Vito Peleg Atarim atarim-visual-collaboration, allowing exploitation due to incorrectly configured access control security levels. Recommendations Update Atarim to a...

5.3CVSS5.4AI score0.00171EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/24 3:18 p.m.7 views

CVE-2026-24570

Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Edwiser Bridge: from n/a through = 4.3.2...

5.4CVSS5.4AI score0.00209EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 2:28 p.m.2 views

CVE-2026-24570

Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Edwiser Bridge: from n/a through = 4.3.2...

5.4CVSS5.9AI score0.00209EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/01/21 12:54 p.m.8 views

WordPress Edwiser Bridge plugin <= 4.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Edwiser Bridge versions = 4.3.2...

5.4CVSS5.4AI score0.00209EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 11:55 a.m.7 views

CVE-2018-4290

A denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2...

5.9CVSS6AI score0.00841EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/06 8:21 a.m.3 views

CVE-2025-13964 LearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catchlpajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to modify course contents b...

5.3CVSS5AI score0.00232EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.7 views

PT-2026-1425

Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions up to and including 4.3.2 Description The LearnPress – WordPress LMS Plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the catch l...

5.3CVSS5.9AI score0.00232EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/12/17 10:3 a.m.7 views

CVE-2025-68084

Missing Authorization vulnerability in Nitesh Ultimate Auction ultimate-auction allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Auction : from n/a through = 4.3.3...

5.4CVSS5.7AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 10:2 a.m.4 views

CVE-2025-66125

Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through = 4.3.3...

5.3CVSS5.8AI score0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 9:31 a.m.5 views

EUVD-2025-203535

Missing Authorization vulnerability in Nitesh Ultimate Auction ultimate-auction allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Auction : from n/a through = 4.3.2...

6.5AI score0.00176EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/16 9:31 a.m.5 views

EUVD-2025-203585

Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through = 4.3.2...

5.3CVSS6.4AI score0.0025EPSS
Exploits0References2
Rows per page
Query Builder