6 matches found
CVE-2026-1631
The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...
CVE-2026-1631
The CVE-2026-1631 entry affects the Feeds for YouTube WordPress plugin prior to version 2.6.4. The root cause is a missing capability check in the 'actions' function, allowing subscribers and higher roles to perform unauthorized modifications to the plugin’s license key. The impact is license key...
CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion
The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...
CVE-2026-1938 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...
CVE-2026-1938
The YayMail – WooCommerce Email Customizer for WordPress is affected by CVE-2026-1938: versions up to 4.3.2 expose the REST endpoint /yaymail-license/v1/license/delete without proper authorization, enabling authenticated attackers (Shop Manager level and higher) to delete the plugin license key i...
WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability
Missing Authorization to Authenticated Shop Manager+ License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...