by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Medium severity vulnerability (CVSS 4.3) in Kali Forms — Contact Form & Drag-and-Drop Builder (slug: kali-forms) affects all versions up to 2.4.8. It can be exploited remotely over the internet without user interaction. The primary attack path is an...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-1831 affects the YayMail – WooCommerce Email Customizer plugin (slug: yaymail) up to version 4.3.2 and is rated Low severity (CVSS 2.7). The issue can be exploited by an already authenticated WordPress user with Shop Manager-level access or...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-1943 is a Medium-severity Stored Cross-Site Scripting (XSS) issue affecting the YayMail – WooCommerce Email Customizer plugin (slug: yaymail) in versions up to and including 4.3.2. The attack requires an authenticated user with Shop...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Marketing and operations teams often grant “Shop Manager” access to handle orders, refunds, and customer communications. In YayMail – WooCommerce Email Customizer (plugin slug: yaymail) versions up to 4.3.2, that level of access (and above) can be...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-2296 is a High severity vulnerability (CVSS 7.2) affecting the WordPress plugin Product Addons for Woocommerce – Product Options with Custom Fields (slug: woo-custom-product-addons) in versions up to and including 3.1.0. The primary attack...
Recent Comments