Vulnerabilities in yaycommerce
24 results

CVE-2024-7257 | CRITICAL | YayExtra – WooCommerce Extra Product Options <= 1.3.7 - Unauthenticated Arbitrary File Upload via handle_upload_file Function | EPSS 1.0%
CVE-2023-3093 | HIGH | YaySMTP <= 2.4.5 - Unauthenticated Stored Cross-Site Scripting via Email | EPSS 0.5%
CVE-2025-0957 | HIGH | Vulnerability: SMTP for Amazon SES <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs | EPSS 0.5%
CVE-2026-1937 | HIGH | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action | EPSS 0.4%
CVE-2025-3434 | HIGH | SMTP for Amazon SES – YaySMTP <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs | EPSS 0.4%
CVE-2025-48299 | HIGH | WordPress YayExtra plugin <= 1.5.5 - SQL Injection Vulnerability | EPSS 0.4%
CVE-2025-47587 | HIGH | WordPress YaySMTP plugin <= 2.6.4 - SQL Injection Vulnerability | EPSS 0.4%
CVE-2025-53256 | HIGH | WordPress YaySMTP plugin <= 2.6.6 - SQL Injection Vulnerability | EPSS 0.4%
CVE-2025-48161 | HIGH | WordPress YaySMTP plugin <= 1.3 - SQL Injection Vulnerability | EPSS 0.4%
CVE-2025-48301 | HIGH | WordPress SMTP for SendGrid – YaySMTP plugin <= 1.5 - SQL Injection Vulnerability | EPSS 0.4%
CVE-2025-0916 | HIGH | YaySMTP 2.4.9 - 2.6.2 - Unauthenticated Stored Cross-Site Scripting | EPSS 0.4%
CVE-2025-0918 | HIGH | SMTP for SendGrid – YaySMTP <= 1.4 - Unauthenticated Stored Cross-Site Scripting via Email Logs | EPSS 0.3%
CVE-2025-0953 | HIGH | SMTP for Sendinblue – YaySMTP <= 1.2 - Unauthenticated Stored Cross-Site Scripting via Email Logs | EPSS 0.3%
CVE-2025-67994 | HIGH | WordPress YayCurrency plugin <= 3.3 - Arbitrary Content Deletion vulnerability | EPSS 0.3%
CVE-2026-1938 | MEDIUM | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint | EPSS 0.3%
CVE-2025-31415 | HIGH | WordPress YayExtra <= 1.5.2 - Broken Access Control Vulnerability | EPSS 0.3%
CVE-2026-1831 | LOW | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation | EPSS 0.3%
CVE-2025-54043 | HIGH | WordPress SMTP for Amazon SES plugin <= 1.9 - SQL Injection Vulnerability | EPSS 0.3%
CVE-2025-60077 | HIGH | WordPress YayPricing plugin <= 3.5.3 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2026-39496 | HIGH | WordPress YayMail plugin <= 4.3.3 - SQL Injection vulnerability | EPSS 0.3%