48 matches found

RedhatCVE
added 2026/02/19 7:29 a.m. | 1 views

CVE-2026-1831

The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX action and /yaymail/v1/addons/activate REST endpoint in all versions up to, and including, 4.3.2...

2.7 CVSS | 5.5 AI score | 0.00013 EPSS
Exploits: 0 | References: 1

NVD
added 2026/02/18 8:16 a.m. | 3 views

CVE-2026-1831

The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX action and /yaymail/v1/addons/activate REST endpoint in all versions up to, and including, 4.3.2...

2.7 CVSS | 0.00013 EPSS
Exploits: 0 | References: 5

CVE
added 2026/02/18 7:25 a.m. | 11 views

CVE-2026-1831

CVE-2026-1831 (YayMail) is a WordPress plugin vulnerability affecting YayMail – WooCommerce Email Customizer. Wordfence reports missing capability checks on the AJAX action yaymail_install_yaysmtp and the REST endpoint /yaymail/v1/addons/activate, enabling authenticated attackers with Shop Manage...

2.7 CVSS | 5.5 AI score | 0.00013 EPSS
Exploits: 0 | References: 5

Cvelist
added 2026/02/18 7:25 a.m. | 24 views

CVE-2026-1831 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation

The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX action and /yaymail/v1/addons/activate REST endpoint in all versions up to, and including, 4.3.2...

2.7 CVSS | 0.00013 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2026/02/18 12:0 a.m. | 3 views

PT-2026-20287

The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX action and /yaymail/v1/addons/activate REST endpoint in all versions up to, and including, 4.3.2...

2.7 CVSS | 5.5 AI score | 0.00013 EPSS
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-34638

Malicious code in bioql PyPI...

5.4 CVSS | 5.6 AI score | 0.00191 EPSS
Exploits: 2 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2022-34637

Malicious code in bioql PyPI...

6.5 CVSS | 6.5 AI score | 0.00541 EPSS
Exploits: 2 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-4436

Malicious code in bioql PyPI...

7.2 CVSS | 9.1 AI score | 0.00295 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-43781

Malicious code in bioql PyPI...

7.2 CVSS | 6.6 AI score | 0.00991 EPSS
Exploits: 0 | References: 2

Patchstack
added 2025/07/16 12:22 p.m. | 3 views

WordPress YaySMTP plugin <= 1.3 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Plugin YaySMTP versions <= 1.3...

7.6 CVSS | 7.8 AI score | 0.00213 EPSS
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2025/07/16 10:36 a.m. | 2 views

CVE-2025-48301 WordPress SMTP for SendGrid – YaySMTP plugin <= 1.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce SMTP for SendGrid – YaySMTP smtp-sendgrid allows SQL Injection. This issue affects SMTP for SendGrid – YaySMTP: from n/a through <= 1.5...

7.6 CVSS | 5.6 AI score | 0.00213 EPSS
Exploits: 0 | References: 1

CVE
added 2025/07/16 10:36 a.m. | 12 views

CVE-2025-48301

CVE-2025-48301 is an SQL Injection vulnerability in the WordPress plugin SMTP for SendGrid – YaySMTP (versions = 1.6. Connected documents corroborate the vulnerability and patch trajectory; no exploits are detailed in the provided material.

7.6 CVSS | 5.9 AI score | 0.00213 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/07/16 12:0 a.m. | 3 views

WordPress plugin YaySMTP SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

7.6 CVSS | 7.6 AI score | 0.00213 EPSS
Exploits: 0 | References: 1

Patchstack
added 2025/06/27 2:46 p.m. | 3 views

WordPress YaySMTP plugin <= 2.6.6 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Nguyen Kim Sang in WordPress Plugin YaySMTP versions <= 2.6.6...

7.6 CVSS | 7.8 AI score | 0.00213 EPSS
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2025/06/27 1:21 p.m. | 2 views

CVE-2025-53256 WordPress YaySMTP plugin <= 2.6.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YaySMTP allows SQL Injection. This issue affects YaySMTP: from n/a through 2.6.5...

7.6 CVSS | 7.2 AI score | 0.00213 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/06/27 1:21 p.m. | 8 views

CVE-2025-53256 WordPress YaySMTP plugin <= 2.6.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YaySMTP yaysmtp allows SQL Injection. This issue affects YaySMTP: from n/a through <= 2.6.6...

7.6 CVSS | 0.00213 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:44 a.m. | 7 views

CVE-2023-3093

The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.2 CVSS | 6.1 AI score | 0.00991 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 11:56 p.m. | 6 views

CVE-2022-2371

The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attack due to the lack of escaping in them as well...

5.4 CVSS | 6 AI score | 0.00191 EPSS
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 11:56 p.m. | 4 views

CVE-2022-2372

The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup...

4.8 CVSS | 5.7 AI score | 0.00218 EPSS
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 11:56 p.m. | 7 views

CVE-2022-2370

The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them...

6.5 CVSS | 6.8 AI score | 0.00541 EPSS
Exploits: 2 | References: 1