WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation vulnerability

Missing Authorization to Authenticated Shop Manager+ Plugin Installation and Activation vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...

CVE-2026-1381 Order Minimum/Maximum Amount Limits for WooCommerce <= 4.6.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Hide Add to Cart Content Fields

The Order Minimum/Maximum Amount Limits for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...