YayMail – WooCommerce Email Customizer

Vulnerabilities 7Slug yaymailLatest version 4.4.0WordPress.org →

Minimum safe version

4.3.4

Update to 4.3.4 or later to address 7 fixable vulnerabilities

Latest available4.4.0
N/A
2026-04-20< 4.3.4

YayMail – WooCommerce Email Customizer <= 4.3.3 - Authenticated (Shop manager+) PHP Object Injection

WordfenceCVE
N/A
2026-02-17< 4.3.3

YayMail <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements

WordfenceCVE
N/A
2026-02-17< 4.3.3

YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action

WordfenceCVE
N/A
2026-02-17< 4.3.3

YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint

WordfenceCVE
N/A
2026-02-17< 4.3.3

YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation

WordfenceCVE