Yayextra

CVEs (2)

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-48299	Hig	0.49	7.6	0.00		Jul 16, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayExtra yayextra allows SQL Injection.This issue affects YayExtra: from n/a through <= 1.5.5.
CVE-2025-31415	Hig	0.49	7.6	0.00		Apr 1, 2025	Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayExtra: from n/a through <= 1.5.2.

CVE-2025-48299HigJul 16, 2025
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayExtra yayextra allows SQL Injection.This issue affects YayExtra: from n/a through <= 1.5.5.
CVE-2025-31415HigApr 1, 2025
risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayExtra: from n/a through <= 1.5.2.