Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 24 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-39496 WordPress YayMail plugin <= 4.3.3 - SQL Injection vulnerability YayCommerceYayMail--2026-04-08 08:30:12 Deep Dive
CVE-2025-67994 WordPress YayCurrency plugin <= 3.3 - Arbitrary Content Deletion vulnerability YayCommerceYayCurrency High 7.5 2026-02-20 15:46:33 Deep Dive
CVE-2026-27327 WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability YayCommerceYayMail--2026-02-19 20:35:41 Deep Dive
CVE-2026-1831 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation yaycommerceYayMail – WooCommerce Email Customizer Low 2.7 2026-02-18 07:25:42 Deep Dive
CVE-2026-1943 YayMail <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements yaycommerceYayMail – WooCommerce Email Customizer Medium 4.4 2026-02-18 07:25:41 Deep Dive
CVE-2026-1938 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint yaycommerceYayMail – WooCommerce Email Customizer Medium 5.3 2026-02-18 07:25:40 Deep Dive
CVE-2026-1937 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action yaycommerceYayMail – WooCommerce Email Customizer High 7.2 2026-02-18 06:42:41 Deep Dive
CVE-2025-60077 WordPress YayPricing plugin <= 3.5.3 - Broken Access Control vulnerability YayCommerceYayPricing--2025-12-18 07:22:06 Deep Dive
CVE-2025-60114 WordPress YayCurrency plugin <= 3.3.1 - Remote Code Execution (RCE) vulnerability YayCommerceYayCurrency Medium 6.6 2025-09-26 08:31:32 Deep Dive
CVE-2025-48161 WordPress YaySMTP plugin <= 1.3 - SQL Injection Vulnerability YayCommerceYaySMTP High 7.6 2025-07-16 10:36:56 Deep Dive
CVE-2025-48299 WordPress YayExtra plugin <= 1.5.5 - SQL Injection Vulnerability YayCommerceYayExtra High 7.6 2025-07-16 10:36:54 Deep Dive
CVE-2025-48301 WordPress SMTP for SendGrid – YaySMTP plugin <= 1.5 - SQL Injection Vulnerability YayCommerceSMTP for SendGrid – YaySMTP High 7.6 2025-07-16 10:36:53 Deep Dive
CVE-2025-54043 WordPress SMTP for Amazon SES plugin <= 1.9 - SQL Injection Vulnerability YayCommerceSMTP for Amazon SES High 7.6 2025-07-16 10:36:51 Deep Dive
CVE-2025-53256 WordPress YaySMTP plugin <= 2.6.6 - SQL Injection Vulnerability YayCommerceYaySMTP High 7.6 2025-06-27 13:21:05 Deep Dive
CVE-2025-47587 WordPress YaySMTP plugin <= 2.6.4 - SQL Injection Vulnerability YayCommerceYaySMTP High 7.6 2025-05-07 14:20:21 Deep Dive
CVE-2025-3434 SMTP for Amazon SES – YaySMTP <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs yaycommerceSMTP for Amazon SES – YaySMTP High 7.2 2025-04-11 08:21:32 Deep Dive
CVE-2025-31415 WordPress YayExtra <= 1.5.2 - Broken Access Control Vulnerability YayCommerceYayExtra High 7.6 2025-04-01 05:31:43 Deep Dive
CVE-2025-0957 Vulnerability: SMTP for Amazon SES <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs yaycommerceSMTP for Amazon SES – YaySMTP High 7.2 2025-02-22 13:45:13 Deep Dive
CVE-2025-0953 SMTP for Sendinblue – YaySMTP <= 1.2 - Unauthenticated Stored Cross-Site Scripting via Email Logs yaycommerceSMTP for Sendinblue – YaySMTP High 7.2 2025-02-22 12:39:22 Deep Dive
CVE-2025-0918 SMTP for SendGrid – YaySMTP <= 1.4 - Unauthenticated Stored Cross-Site Scripting via Email Logs yaycommerceSMTP for SendGrid – YaySMTP High 7.2 2025-02-22 12:39:21 Deep Dive