Lucene search
+L

6 matches found

nvd
nvd
added 2026/02/18 7:16 a.m.8 views

CVE-2026-1937

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the yaymailimportstate AJAX action in all versions up to, and including, 4.3.2. This makes it possible for...

7.2CVSS0.00411EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/02/18 6:42 a.m.6 views

CVE-2026-1937

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the yaymailimportstate AJAX action in all versions up to, and including, 4.3.2. This makes it possible for...

9.8CVSS5.7AI score0.00411EPSS
Exploits1References5
cvelist
cvelist
added 2026/02/18 6:42 a.m.33 views

CVE-2026-1937 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the yaymailimportstate AJAX action in all versions up to, and including, 4.3.2. This makes it possible for...

7.2CVSS0.00411EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2026/02/18 6:42 a.m.5 views

CVE-2026-1937 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the yaymailimportstate AJAX action in all versions up to, and including, 4.3.2. This makes it possible for...

7.2CVSS5.7AI score0.00411EPSS
Exploits1References4
patchstack
patchstack
added 2026/02/18 12:23 a.m.10 views

WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action vulnerability

Missing Authorization to Authenticated Shop Manager+ Arbitrary Options Update via 'yaymailimportstate' AJAX Action vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...

9.8CVSS5.5AI score0.00411EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2026/02/18 12:0 a.m.12 views

PT-2026-20293

Name of the Vulnerable Software and Affected Versions YayMail – WooCommerce Email Customizer plugin for WordPress versions through 4.3.2 Description The YayMail – WooCommerce Email Customizer plugin for WordPress is susceptible to unauthorized data modification, potentially leading to privilege...

9.8CVSS5.4AI score0.00411EPSS
Exploits1References12
Rows per page
Query Builder