CVE-2026-1831

LOW

YayMail WooCommerce Email Customizer <=4.3.2 - Privilege Escalation

Title source: llm

Description

The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymail_install_yaysmtp' AJAX action and `/yaymail/v1/addons/activate` REST endpoint in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to install and activate the YaySMTP plugin.

References (5)

Core 5

Core References

Product

https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Ajax.php#L183

Product

https://plugins.trac.wordpress.org/browser/yaymail/tags/4.3.2/src/Controllers/AddonController.php#L76

Product

https://plugins.trac.wordpress.org/browser/yaymail/trunk/src/Ajax.php#L183

Product

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3460087%40yaymail&new=3460087%40yaymail&sfp_email=&sfph_mail=#file11

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/a568162a-5a2d-47ab-9dfe-2f2f5f324f0d?source=cve

Scores

CVSS v3 2.7

EPSS 0.0029

EPSS Percentile 20.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (1)

yaycommerce/YayMail – WooCommerce Email Customizer < 4.3.2

Published Feb 18, 2026

Tracked Since Feb 18, 2026