CVE-2026-1831
Published: 2026-02-18
Priority: P4 · 11 · low · 2.7 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.29% (20.9th percentile)
The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the `yaymail_install_yaysmtp` AJAX action and the `/yaymail/v1/addons/activate` REST endpoint in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to install and activate the YaySMTP plugin.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yaycommerce | yaymail_woocommerce_email_customizer | <= 4.3.2 | — |
No detection rules found.
No public exploits indexed.
## Wiz: CVE-2026-1831 Impact, Exploitability, and Mitigation Steps
Source: blogs_wiz · CVSS 9.8 · [CRITICAL]
## CVE-2026-1831: WordPress vulnerability analysis and mitigation
Affected endpoint: `/yaymail/v1/addons/activate`
Source: NVD
Score: 2.7
Published: February 18, 2026
Severity: LOW
CNA Score: 2.7
Affected Technologies: WordPress
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 1.7
Exploitation Probability (EPSS): N/A
Affected packages and libraries: yaymail
Sources: NVD
## Related WordPress vulnerabilities:
| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2026-0740 | CRITICAL | 9.8 | WordPress | ninja-forms-upload | | | |
## Bugzilla: CVE-2026-58013 [MEDIUM] mingw-glib2: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend" [fedora-all]
bugzilla · 2026-06-30 · CVSS 6.5
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
A heap-buffer-overflow READ occurs in `g_io_channel_read_line_backend()` at giochannel.c:1831 when a custom line terminator of length > 1 is set via `g_io_channel_set_line_term()`. The `memcmp` call reads `line_term_len` bytes from `nextchar`, but the loop condition `nextchar < lastchar` only guarantees 1 byte is available. When `nextchar` is within `line_term_len - 1` bytes of `lastchar`, `memcmp` reads past the GString buffer into ASan redzone / unallocated memory.
## Bugzilla: CVE-2026-58013 [MEDIUM] glib2: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend" [fedora-all]
bugzilla · 2026-06-30 · CVSS 6.5
## Bugzilla: CVE-2026-58013 [MEDIUM] glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend" [fedora-all]
bugzilla · 2026-06-30 · CVSS 6.5
## Bugzilla: CVE-2026-58013 [MEDIUM] glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"
bugzilla · 2026-06-24 · CVSS 6.5
References:
- https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Ajax.php#L183
- https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Controllers/AddonController.php#L76
- https://plugins.trac.wordpress.org/browser/yaymail/trunk/src/Ajax.php#L183
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3460087%40yaymail&new=3460087%40yaymail&sfp_email=&sfph_mail=#file11
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a568162a-5a2d-47ab-9dfe-2f2f5f324f0d?source=cve