Whizzu

**Name of the Vulnerable Software and Affected Versions** YayMail - WooCommerce Email Customizer plugin versions up to and including 4.3.2 **Description** The YayMail - WooCommerce Email Customizer plugin for WordPress has a flaw that allows unauthorized plugin installation and activation. This is due to missing capability checks on the `yaymail install yaysmtp` AJAX action and the `/yaymail/v1/addons/activate` API endpoint. Attackers with Shop Manager-level access or higher can exploit this to install and activate the YaySMTP plugin. **Recommendations** Update YayMail - WooCommerce Email Customizer plugin to a version later than 4.3.2.

**Name of the Vulnerable Software and Affected Versions** YayMail – WooCommerce Email Customizer plugin for WordPress versions through 4.3.2 **Description** The YayMail – WooCommerce Email Customizer plugin for WordPress is susceptible to unauthorized data modification, potentially leading to privilege escalation. A missing capability check on the `yaymail import state` AJAX action allows authenticated attackers with Shop Manager-level access or higher to modify arbitrary options on the WordPress site. This can be exploited to elevate user privileges, such as changing the default registration role to administrator and enabling user registration for unauthorized access. The `yaymail import state` action is the component affected. **Recommendations** Update YayMail – WooCommerce Email Customizer plugin to a version later than 4.3.2.

**Name of the Vulnerable Software and Affected Versions** YayMail – WooCommerce Email Customizer plugin for WordPress versions through 4.3.2 **Description** The YayMail – WooCommerce Email Customizer plugin for WordPress has a flaw that allows unauthorized deletion of the plugin’s license key. This is due to a missing authorization check on the `/yaymail-license/v1/license/delete` API endpoint. Authenticated attackers with Shop Manager-level access or higher can delete the license key by accessing the `/yaymail-license/v1/license/delete` endpoint, provided they have the REST API nonce. The `nonce` is a security token used to prevent cross-site request forgery attacks. **Recommendations** Update YayMail – WooCommerce Email Customizer plugin for WordPress to a version later than 4.3.2.

**Name of the Vulnerable Software and Affected Versions** YayMail – WooCommerce Email Customizer plugin for WordPress versions up to and including 4.3.2 **Description** The YayMail – WooCommerce Email Customizer plugin for WordPress is susceptible to Stored Cross-Site Scripting through settings. Insufficient input sanitization and output escaping allow authenticated attackers with Shop Manager-level permissions or higher to inject arbitrary web scripts. These scripts execute when a user accesses an injected page. This issue specifically impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update YayMail – WooCommerce Email Customizer plugin to a version later than 4.3.2.

**Name of the Vulnerable Software and Affected Versions** SIBS woocommerce payment gateway plugin for WordPress versions up to and including 2.2.0 **Description** The SIBS woocommerce payment gateway plugin for WordPress is susceptible to time-based SQL Injection via the `referencedId` parameter. This is due to inadequate escaping of user-supplied input and insufficient preparation of the existing SQL query. Successful exploitation allows authenticated attackers with Administrator-level access or higher to inject additional SQL queries into existing ones, potentially extracting sensitive information from the database. **Recommendations** Versions prior to and including 2.2.0 should be updated.