Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
YayMail: Unsecured Data Can Be Accessed by Hackers
CVE-2026-39496
Summary
A security issue in YayMail, a plugin for YayCommerce, allows hackers to access sensitive data without being detected. This means that attackers can potentially view or modify data they shouldn't have access to. To fix this, update to the latest version of YayMail, which is 4.4.0 or higher.
Original title
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a thr...
Original description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through <= 4.3.3.
Vulnerability type
CWE-89
SQL Injection
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026