Vulnerabilities > Yaycommerce
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-12 | CVE-2023-3093 | Cross-site Scripting vulnerability in Yaycommerce Yaysmtp The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. | 6.1 |
| 2022-08-01 | CVE-2022-2370 | Missing Authorization vulnerability in Yaycommerce Yaysmtp The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them | 6.5 |