8 matches found
CVE-2026-39496
CVE-2026-39496 is a SQL Injection vulnerability in the WordPress plugin YayMail (YayCommerce) "yaymail" affecting versions from n/a up to and including 4.3.3. The root cause is improper neutralization of special elements used in SQL commands, leading to Blind SQL Injection. The connected records ...
CVE-2026-39496 WordPress YayMail plugin <= 4.3.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection. This issue affects YayMail: from n/a through <= 4.3.3...
CVE-2026-27327
The CVE-2026-27327 entry concerns the WordPress YayMail – WooCommerce Email Customizer plugin (YayMail) version <= 4.3.2, where a Missing Authorization/Broken Access Control vulnerability exists due to incorrectly configured access control security levels. Affected component is the YayMail pl...
WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability
Missing Authorization to Authenticated Shop Manager+ License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions <= 4.3.2...
WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation vulnerability
Missing Authorization to Authenticated Shop Manager+ Plugin Installation and Activation vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions <= 4.3.2...
WordPress YayMail plugin <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements vulnerability
Authenticated Shop Manager+ Stored Cross-Site Scripting via Template Elements vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions <= 4.3.2...
WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action vulnerability
Missing Authorization to Authenticated Shop Manager+ Arbitrary Options Update via 'yaymail_import_state' AJAX Action vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions <= 4.3.2...
WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin YayMail – WooCommerce Email Customizer versions <= 4.3.2...