{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1831", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-03T14:41:20.453Z", "datePublished": "2026-02-18T07:25:41.707Z", "dateUpdated": "2026-04-08T17:13:15.693Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:15.693Z"}, "affected": [{"vendor": "yaycommerce", "product": "YayMail \u2013 WooCommerce Email Customizer", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.3.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX action and `/yaymail/v1/addons/activate` REST endpoint in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to install and activate the YaySMTP plugin."}], "title": "YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a568162a-5a2d-47ab-9dfe-2f2f5f324f0d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Ajax.php#L183"}, {"url": "https://plugins.trac.wordpress.org/browser/yaymail/trunk/src/Ajax.php#L183"}, {"url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Controllers/AddonController.php#L76"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3460087%40yaymail&new=3460087%40yaymail&sfp_email=&sfph_mail=#file11"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "baseScore": 2.7, "baseSeverity": "LOW"}}], "credits": [{"lang": "en", "type": "finder", "value": "Daniel Basta"}], "timeline": [{"time": "2026-02-05T17:24:28.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-02-17T18:55:15.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-18T12:25:01.408432Z", "id": "CVE-2026-1831", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T12:52:05.436Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1831", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-18T12:25:01.408432Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T12:25:02.669Z"}}], "cna": {"title": "YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation", "credits": [{"lang": "en", "type": "finder", "value": "Daniel Basta"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "yaycommerce", "product": "YayMail \u2013 WooCommerce Email Customizer", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.3.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-05T17:24:28.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-02-17T18:55:15.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a568162a-5a2d-47ab-9dfe-2f2f5f324f0d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Ajax.php#L183"}, {"url": "https://plugins.trac.wordpress.org/browser/yaymail/trunk/src/Ajax.php#L183"}, {"url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Controllers/AddonController.php#L76"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3460087%40yaymail&new=3460087%40yaymail&sfp_email=&sfph_mail=#file11"}], "descriptions": [{"lang": "en", "value": "The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX action and `/yaymail/v1/addons/activate` REST endpoint in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to install and activate the YaySMTP plugin."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:15.693Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1831", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:13:15.693Z", "dateReserved": "2026-02-03T14:41:20.453Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-18T07:25:41.707Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX action and `/yaymail/v1/addons/activate` REST endpoint in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to install and activate the YaySMTP plugin."}, {"lang": "es", "value": "El plugin YayMail - WooCommerce Email Customizer para WordPress es vulnerable a la instalaci\u00f3n y activaci\u00f3n no autorizadas de plugins debido a la falta de comprobaciones de capacidad en la acci\u00f3n AJAX 'yaymail_install_yaysmtp' y el endpoint REST `/yaymail/v1/addons/activate` en todas las versiones hasta la 4.3.2, inclusive. Esto permite a atacantes autenticados, con acceso de nivel 'Shop Manager' o superior, instalar y activar el plugin YaySMTP."}], "id": "CVE-2026-1831", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-18T08:16:14.873", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Ajax.php#L183"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Controllers/AddonController.php#L76"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/yaymail/trunk/src/Ajax.php#L183"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3460087%40yaymail&new=3460087%40yaymail&sfp_email=&sfph_mail=#file11"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a568162a-5a2d-47ab-9dfe-2f2f5f324f0d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.3.2]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "YayMail \u2013 WooCommerce Email Customizer", "source": "cna", "vendor": "yaycommerce"}, "product": "yaymail_\u2013_woocommerce_email_customizer", "vendor": "yaycommerce"}], "analysis": {"en": {"generated_at": "2026-04-15T17:07:04.228596+00:00", "value": {"mitigation_remediation": ["Upgrade YayMail to version 4.3.3 or later, where missing capability checks have been fixed.", "Verify that the 'yaymail_install_yaysmtp' AJAX action and '/yaymail/v1/addons/activate' REST endpoint no longer respond to requests from users without administrative privileges.", "If an immediate upgrade is not possible, adjust user roles (e.g., with a role editor plugin) to remove the capability that allows plugin activation from the Shop Manager role, thereby enforcing least privilege principles."], "summary": {"action": "Patch", "impact": "Unauthorized plugin installation and activation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all YayMail plugin versions up to 4.3.2 installed on WordPress sites. Users who have the Shop Manager role or higher within WooCommerce should consider these installations as impacted.", "description_and_impact": "The YayMail WooCommerce Email Customizer contains missing capability checks on the AJAX action 'yaymail_install_yaysmtp' and the REST endpoint '/yaymail/v1/addons/activate', permitting authenticated users with Shop Manager or higher roles to install and activate the YaySMTP plugin. This flaw allows an attacker to add additional code to the site without proper authorization, potentially leading to broader privilege escalation or malicious plugin deployment.", "risk_and_exploitability": "The CVSS score of 2.7 indicates low severity, and the EPSS score of less than 1% reflects a very small likelihood of exploitation. The flaw is not listed in the CISA KEV catalog, suggesting no publicly known exploit. The likely attack vector is through a compromised authenticated session on the WordPress admin interface or via a REST call, with the attacker needing at least Shop Manager privileges. Exploitation would allow installation of a third\u2011party plugin without proper authorization, potentially compromising site functionality or enabling further attacks."}}}}, "created": "2026-02-18T10:32:27.591534+00:00", "updated": "2026-04-15T17:30:10.443010+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "yaycommerce", "yaycommerce$PRODUCT$yaymail_\u2013_woocommerce_email_customizer"]}