YayMail – WooCommerce Email Customizer WordPress Plugin Security Vulnerabilities | WPScan

7

May 21, 2026

50000

Published

2026-04-20

Title

YayMail – WooCommerce Email Customizer < 4.3.4 - Authenticated (Shop manager+) PHP Object Injection

Fixed in

Fixed in 4.3.4

CVSS

6.6 (medium)

Published

2026-03-15

Title

YayMail < 4.3.4 - Authenticated (Shop manager+) SQL Injection

Fixed in

Fixed in 4.3.4

CVSS

4.9 (medium)

Published

2026-02-17

Title

YayMail < 4.3.3 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint

Fixed in

Fixed in 4.3.3

CVSS

5.3 (medium)

Published

2026-02-17

Title

YayMail < 4.3.3 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation

Fixed in

Fixed in 4.3.3

CVSS

2.7 (low)

Published

2026-02-17

Title

YayMail < 4.3.3 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements

Fixed in

Fixed in 4.3.3

CVSS

4.4 (medium)

Published

2026-02-17

Title

YayMail < 4.3.3 - Shop Manager+ Arbitrary Options Update

Fixed in

Fixed in 4.3.3

CVSS

7.2 (high)

Published

2026-01-06

Title

YayMail – WooCommerce Email Customizer < 4.3.3 - Missing Authorization

Fixed in

Fixed in 4.3.3

CVSS

4.3 (medium)