YayMail

YayCommerce

Developer

4.3.4

Latest version

50,000

Installations

No date

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Security Contributors

Vulnerability history

0 present

5 patched

0 Mitigation rules

Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability
<= 4.3.2
Feb 18, 2026
Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation vulnerability
<= 4.3.2
Feb 18, 2026
Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements vulnerability
<= 4.3.2
Feb 18, 2026
Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action vulnerability
<= 4.3.2
Feb 18, 2026
Broken Access Control vulnerability
<= 4.3.2
Jan 6, 2026