yaycommerce — Vulnerabilities & Security Advisories 24

Browse all 24 CVE security advisories affecting yaycommerce. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39496 | WordPress YayMail plugin <= 4.3.3 - SQL Injection vulnerability | YayMail | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-04-08 |
| CVE-2025-67994 | WordPress YayCurrency plugin <= 3.3 - Arbitrary Content Deletion vulnerability | YayCurrency | CWE-862 | 7.5 | High | 2026-02-20 |
| CVE-2026-27327 | WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability | YayMail | CWE-862 | 4.3 | Medium | 2026-02-19 |
| CVE-2026-1831 | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation | YayMail – WooCommerce Email Customizer | CWE-862 | 2.7 | Low | 2026-02-18 |
| CVE-2026-1943 | YayMail <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements | YayMail – WooCommerce Email Customizer | CWE-79 | 4.4 | Medium | 2026-02-18 |
| CVE-2026-1938 | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint | YayMail – WooCommerce Email Customizer | CWE-862 | 5.3 | Medium | 2026-02-18 |
| CVE-2026-1937 | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action | YayMail – WooCommerce Email Customizer | CWE-862 | 7.2 | High | 2026-02-18 |
| CVE-2025-60077 | WordPress YayPricing plugin <= 3.5.3 - Broken Access Control vulnerability | YayPricing | CWE-862 | 7.5 | High | 2025-12-18 |
| CVE-2025-60114 | WordPress YayCurrency plugin <= 3.3.1 - Remote Code Execution (RCE) vulnerability | YayCurrency | CWE-94 | 6.6 | Medium | 2025-09-26 |
| CVE-2025-48161 | WordPress YaySMTP plugin <= 1.3 - SQL Injection Vulnerability | YaySMTP | CWE-89 | 7.6 | High | 2025-07-16 |
| CVE-2025-48299 | WordPress YayExtra plugin <= 1.5.5 - SQL Injection Vulnerability | YayExtra | CWE-89 | 7.6 | High | 2025-07-16 |
| CVE-2025-48301 | WordPress SMTP for SendGrid – YaySMTP plugin <= 1.5 - SQL Injection Vulnerability | SMTP for SendGrid – YaySMTP | CWE-89 | 7.6 | High | 2025-07-16 |
| CVE-2025-54043 | WordPress SMTP for Amazon SES plugin <= 1.9 - SQL Injection Vulnerability | SMTP for Amazon SES | CWE-89 | 7.6 | High | 2025-07-16 |
| CVE-2025-53256 | WordPress YaySMTP plugin <= 2.6.6 - SQL Injection Vulnerability | YaySMTP | CWE-89 | 7.6 | High | 2025-06-27 |
| CVE-2025-47587 | WordPress YaySMTP plugin <= 2.6.4 - SQL Injection Vulnerability | YaySMTP | CWE-89 | 7.6 | High | 2025-05-07 |
| CVE-2025-3434 | SMTP for Amazon SES – YaySMTP <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs | SMTP for Amazon SES – YaySMTP | CWE-79 | 7.2 | High | 2025-04-11 |
| CVE-2025-31415 | WordPress YayExtra <= 1.5.2 - Broken Access Control Vulnerability | YayExtra | CWE-862 | 7.6 | High | 2025-04-01 |
| CVE-2025-0957 | Vulnerability: SMTP for Amazon SES <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs | SMTP for Amazon SES – YaySMTP | CWE-79 | 7.2 | High | 2025-02-22 |
| CVE-2025-0953 | SMTP for Sendinblue – YaySMTP <= 1.2 - Unauthenticated Stored Cross-Site Scripting via Email Logs | SMTP for Sendinblue – YaySMTP | CWE-79 | 7.2 | High | 2025-02-22 |
| CVE-2025-0918 | SMTP for SendGrid – YaySMTP <= 1.4 - Unauthenticated Stored Cross-Site Scripting via Email Logs | SMTP for SendGrid – YaySMTP | CWE-79 | 7.2 | High | 2025-02-22 |
| CVE-2025-0916 | YaySMTP 2.4.9 - 2.6.2 - Unauthenticated Stored Cross-Site Scripting | YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service | CWE-79 | 7.2 | High | 2025-02-19 |
| CVE-2024-54348 | WordPress Brandy theme <= 1.1.6 - Cross Site Scripting (XSS) vulnerability | Brand | CWE-79 | 6.5 | Medium | 2024-12-16 |
| CVE-2024-7257 | YayExtra – WooCommerce Extra Product Options <= 1.3.7 - Unauthenticated Arbitrary File Upload via handle_upload_file Function | YayExtra – WooCommerce Extra Product Options | CWE-434 | 9.8 | Critical | 2024-08-03 |
| CVE-2023-3093 | YaySMTP <= 2.4.5 - Unauthenticated Stored Cross-Site Scripting via Email | YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service | CWE-79 | 7.2 | High | 2023-07-12 |

This page lists every published CVE security advisory associated with yaycommerce. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.