cleantalk
Vulnerabilities and Security Researches

YayMail – WooCommerce Email Customizer, CVE-2026-39496

CVE, Research URL

CVE-2026-39496

Home page URL

Security reports for YayMail – WooCommerce Email Customizer

Application

YayMail – WooCommerce Email Customizer

Published on
Apr 08, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through <= 4.3.3.
Affected versions
max 4.3.4.
Status
vulnerable
Previous vulnerability researches
YayMail &#8211; WooCommerce Email Customizer (CVE-2026-1943) , Apr 14, 2026
YayMail &#8211; WooCommerce Email Customizer (CVE-2026-1831) , Apr 14, 2026
YayMail &#8211; WooCommerce Email Customizer (CVE-2026-1938) , Apr 14, 2026
YayMail &#8211; WooCommerce Email Customizer (CVE-2026-39496) , Apr 13, 2026
YayMail &#8211; WooCommerce Email Customizer (CVE-2026-1937) , Apr 14, 2026
New vulnerability
Check &amp; Log Email (CVE-2026-5306) , Apr 29, 2026
Complianz &#8211; GDPR/CCPA Cookie Consent (CVE-2026-4019) , Apr 29, 2026
Booking Package (CVE-2026-4911) , Apr 29, 2026
Templately – Gutenberg &amp; Elementor Template Library: 5000+ Free &amp; Pro Ready Templates &amp; Cloud! (CVE-2026-42379) , Apr 28, 2026
WPIDE &#8211; File Manager &amp; Code Editor , Apr 28, 2026