Yaycommerce Yaymail Woocommerce Email Customizer vulnerabilities
4 known vulnerabilities affecting yaycommerce/yaymail_woocommerce_email_customizer.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: HIGH 1, MEDIUM 2, LOW 1
Vulnerabilities
CVE-2026-1937 | P2 | HIGH | CVSS 7.2 | CWE-862 | Exploited | ≤ 4.3.2 | 2026-02-18
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the `yaymail_import_state` AJAX action in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level acces
nvd
CVE-2026-1938 | P4 | MEDIUM | CVSS 5.3 | CWE-862 | ≤ 4.3.2 | 2026-02-18
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the `/yaymail-license/v1/license/delete` REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to delet
nvd
CVE-2026-1943 | P4 | MEDIUM | CVSS 4.4 | CWE-79 | ≤ 4.3.2 | 2026-02-18
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level permissions and above, to inject arbitrary web scrip
nvd
CVE-2026-1831 | P4 | LOW | CVSS 2.7 | CWE-862 | ≤ 4.3.2 | 2026-02-18
The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX action and `/yaymail/v1/addons/activate` REST endpoint in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with
nvd