VYPR

Woo Mail Woocommerce Email Customizer

by WordPress

CVEs (5)

  • CVE-2026-1937HigFeb 18, 2026
    risk 0.47cvss 7.2epss 0.00

    The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the `yaymail_import_state` AJAX action in all versions up to, and including, 4.3.2.…

  • CVE-2026-1943MedFeb 18, 2026
    risk 0.29cvss 4.4epss 0.00

    The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…

  • CVE-2024-13747MedMar 5, 2025
    risk 0.28cvss 4.3epss 0.00

    The WooMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'template_delete_saved' function in all versions up to, and including, 3.0.34. This makes it possible for authenticated attackers,…

  • CVE-2026-1938MedFeb 18, 2026
    risk 0.27cvss 5.3epss 0.00

    The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the `/yaymail-license/v1/license/delete` REST endpoint in versions up to, and including, 4.3.2. This makes it possible for…

  • CVE-2026-1831LowFeb 18, 2026
    risk 0.18cvss 2.7epss 0.00

    The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX action and `/yaymail/v1/addons/activate` REST endpoint in all versions up to,…