56 matches found
CVE-2026-27327
Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...
CVE-2026-27327
The CVE-2026-27327 entry concerns the WordPress YayMail – WooCommerce Email Customizer plugin (YayMail) version <= 4.3.2, where a Missing Authorization/ Broken Access Control vulnerability exists due to incorrectly configured access control security levels. Affected component is the YayMail pl...
CVE-2026-27327 WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...
CVE-2026-1831
The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymailinstallyaysmtp' AJAX action and /yaymail/v1/addons/activate REST endpoint in all versions up to, and including, 4.3.2...
CVE-2026-1938
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...
CVE-2026-1937
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the yaymailimportstate AJAX action in all versions up to, and including, 4.3.2. This makes it possible for...
CVE-2026-1943
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop...
CVE-2026-1943
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop...
CVE-2026-1937
CVE-2026-1937 affects the YayMail – WooCommerce Email Customizer WordPress plugin up to version 4.3.2. The root cause is a missing capability check on the yaymail_import_state AJAX action, allowing authenticated attackers with Shop Manager-level access or higher to modify arbitrary WordPress opti...
WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation vulnerability
Missing Authorization to Authenticated Shop Manager+ Plugin Installation and Activation vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...
WordPress YayMail plugin <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements vulnerability
Authenticated Shop Manager+ Stored Cross-Site Scripting via Template Elements vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...
WordPress plugin YayMail – WooCommerce Email Customizer 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-13974 Email Customizer for WooCommerce | Drag and Drop Email Templates Builder <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content
The Email Customizer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email template content in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...
CVE-2025-67599
Missing Authorization vulnerability in WebToffee WebToffee eCommerce Marketing Automation decorator-woocommerce-email-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebToffee eCommerce Marketing Automation: from n/a through = 2.1.1...
CVE-2025-67599
CVE-2025-67599 affects the WordPress plug‑in WebToffee eCommerce Marketing Automation (decorator-woocommerce-email-customizer) up to version 2.1.1. The root cause is a Missing Authorization due to incorrectly configured access control security levels, enabling potential unauthorized access. The i...
PT-2025-49973
Name of the Vulnerable Software and Affected Versions WebToffee eCommerce Marketing Automation versions through 2.1.1 Description A missing authorization issue exists in the WebToffee eCommerce Marketing Automation plugin's decorator-woocommerce-email-customizer component. This allows exploitatio...
CVE-2025-13387 Kadence WooCommerce Email Designer <= 1.5.17 - Unauthenticated Stored Cross-Site Scripting
The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-13387
CVE-2025-13387 affects Kadence WooCommerce Email Designer for WordPress. The WordPress plugin is vulnerable to unauthenticated stored cross-site scripting via the customer name in all versions up to 1.5.17 due to insufficient input sanitization and output escaping. Several connected sources confi...
EUVD-2021-11736
Malware in sbrugna...