CVE-2026-27327

Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...

CVE-2026-27327

Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...

CVE-2026-27327

The CVE-2026-27327 entry concerns the WordPress YayMail – WooCommerce Email Customizer plugin (YayMail) version <= 4.3.2, where a Missing Authorization/ Broken Access Control vulnerability exists due to incorrectly configured access control security levels. Affected component is the YayMail pl...

CVE-2026-27327 WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...

CVE-2026-27327 WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...

WordPress plugin YayMail – WooCommerce Email Customizer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-20929

Missing Authorization vulnerability in YayCommerce YayMail – WooCommerce Email Customizer yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail – WooCommerce Email Customizer: from n/a through = 4.3.2...

CVE-2026-1943

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop...

CVE-2026-1937

CVE-2026-1937 affects the YayMail – WooCommerce Email Customizer WordPress plugin up to version 4.3.2. The root cause is a missing capability check on the yaymail_import_state AJAX action, allowing authenticated attackers with Shop Manager-level access or higher to modify arbitrary WordPress opti...

WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation vulnerability

Missing Authorization to Authenticated Shop Manager+ Plugin Installation and Activation vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...

WordPress YayMail plugin <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements vulnerability

Authenticated Shop Manager+ Stored Cross-Site Scripting via Template Elements vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...

WordPress plugin EmailKit – Email Customizer for WooCommerce & WP 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

WordPress plugin YayMail – WooCommerce Email Customizer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-13974

The Email Customizer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email template content in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-13974

The Email Customizer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email template content in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-13974 Email Customizer for WooCommerce | Drag and Drop Email Templates Builder <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content

The Email Customizer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email template content in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-13974

CVE-2025-13974 : The Email Customizer for WooCommerce (WordPress) is vulnerable to Stored Cross-Site Scripting via email template content in all versions up to 2.6.7 due to insufficient input sanitization and output escaping. The flaw allows an authenticated attacker with administrator-level acce...

PT-2026-1612

Name of the Vulnerable Software and Affected Versions The Email Customizer for WooCommerce versions up to and including 2.6.7 Description The Email Customizer for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through email template content. Insufficient input...

WordPress plugin Email Customizer for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Email Customizer for WooCommerce | Drag and Drop Email Templates Builder plugin <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Email Template Content vulnerability discovered by fallenofalbaz in WordPress Plugin Email Customizer for WooCommerce versions = 2.6.7...