by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors: Dam Spam (WordPress plugin) versions up to and including 1.0.8 have a Medium-severity issue (CVSS 4.3) that can be exploited through Cross-Site Request Forgery (CSRF). The attack path is straightforward: an unauthenticated attacker crafts a malicious...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors: CVE-2026-1938 is a Medium-severity (CVSS 5.3) vulnerability affecting the WordPress plugin YayMail – WooCommerce Email Customizer (slug: yaymail) in versions up to and including 4.3.2. The issue centers on the plugin’s REST endpoint...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors: Medium severity vulnerability (CVSS 4.3) in Kali Forms — Contact Form & Drag-and-Drop Builder (slug: kali-forms) affects all versions up to 2.4.8. It can be exploited remotely over the internet without user interaction. The primary attack path is an...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors: CVE-2026-1831 affects the YayMail – WooCommerce Email Customizer plugin (slug: yaymail) up to version 4.3.2 and is rated Low severity (CVSS 2.7). The issue can be exploited by an already authenticated WordPress user with Shop Manager-level access or...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors: CVE-2026-1943 is a Medium-severity Stored Cross-Site Scripting (XSS) issue affecting the YayMail – WooCommerce Email Customizer plugin (slug: yaymail) in versions up to and including 4.3.2. The attack requires an authenticated user with Shop...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors: Marketing and operations teams often grant “Shop Manager” access to handle orders, refunds, and customer communications. In YayMail – WooCommerce Email Customizer (plugin slug: yaymail) versions up to 4.3.2, that level of access (and above) can be...