267 matches found
CVE-2026-27327
Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...
CVE-2026-27327
The CVE-2026-27327 entry concerns the WordPress YayMail – WooCommerce Email Customizer plugin (YayMail) version <= 4.3.2, where a Missing Authorization/ Broken Access Control vulnerability exists due to incorrectly configured access control security levels. Affected component is the YayMail pl...
CVE-2026-27327 WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...
CVE-2026-27327 WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...
CVE-2026-1938
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...
PT-2026-20929
Missing Authorization vulnerability in YayCommerce YayMail – WooCommerce Email Customizer yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail – WooCommerce Email Customizer: from n/a through = 4.3.2...
CVE-2026-1938
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...
CVE-2026-1831
CVE-2026-1831 (YayMail) is a WordPress plugin vulnerability affecting YayMail – WooCommerce Email Customizer. Wordfence reports missing capability checks on the AJAX action yaymail_install_yaysmtp and the REST endpoint /yaymail/v1/addons/activate, enabling authenticated attackers with Shop Manage...
CVE-2026-1938 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...
PT-2026-6250
Name of the Vulnerable Software and Affected Versions Atarim versions through 4.3.1 Description An authorization issue exists in Vito Peleg Atarim atarim-visual-collaboration, allowing exploitation due to incorrectly configured access control security levels. Recommendations Update Atarim to a...
CVE-2026-24570
Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Edwiser Bridge: from n/a through = 4.3.2...
CVE-2026-24570
Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Edwiser Bridge: from n/a through = 4.3.2...
WordPress Edwiser Bridge plugin <= 4.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Edwiser Bridge versions = 4.3.2...
CVE-2018-4290
A denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2...
CVE-2025-13964 LearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catchlpajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to modify course contents b...
PT-2026-1425
Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions up to and including 4.3.2 Description The LearnPress – WordPress LMS Plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the catch l...
CVE-2025-68084
Missing Authorization vulnerability in Nitesh Ultimate Auction ultimate-auction allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Auction : from n/a through = 4.3.3...
CVE-2025-66125
Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through = 4.3.3...
EUVD-2025-203535
Missing Authorization vulnerability in Nitesh Ultimate Auction ultimate-auction allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Auction : from n/a through = 4.3.2...
EUVD-2025-203585
Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through = 4.3.2...