YayMail – WooCommerce Email Customizer, PSC-2026-64649
- PSC, Research URL
- Application
- Published on
- Apr 28, 2026
- Research Description
- WooCommerce email customization plugins operate on a sensitive boundary between order data, customer communication, template rendering, and admin-side content editing. These plugins often process customer names, billing and shipping details, order metadata, payment-related labels, coupons, custom fields, and transactional email content. A weakness in this class of plugin can lead to stored XSS in email templates or admin previews, unauthorized modification of transactional communications, data leakage through shortcodes or preview logic, or abuse of import/export and template management functionality. YayMail – WooCommerce Email Customizer version 4.4.0 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64649, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for WooCommerce email template, shortcode, preview, and customization plugins.
- Affected versions
-
Min 4.4.0, max 4.4.0.
- Status
-
SAFE & CERTIFIED