Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/18 6:42 a.m.6 views

CVE-2026-1937

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the yaymailimportstate AJAX action in all versions up to, and including, 4.3.2. This makes it possible for...

9.8CVSS5.7AI score0.00411EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/18 6:42 a.m.33 views

CVE-2026-1937 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the yaymailimportstate AJAX action in all versions up to, and including, 4.3.2. This makes it possible for...

7.2CVSS0.00411EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/18 6:42 a.m.5 views

CVE-2026-1937 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the yaymailimportstate AJAX action in all versions up to, and including, 4.3.2. This makes it possible for...

7.2CVSS5.7AI score0.00411EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/02/18 12:23 a.m.9 views

WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action vulnerability

Missing Authorization to Authenticated Shop Manager+ Arbitrary Options Update via 'yaymailimportstate' AJAX Action vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...

9.8CVSS5.5AI score0.00411EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder