yaycommerce 厂商漏洞列表 / CVE 中文分析 24

yaycommerce 厂商相关 24 条 CVE 漏洞，含 AI 中文分析、POC、CVSS 评分与受影响产品。

yaycommerce 是一款面向电商场景的开源内容管理系统，旨在提供灵活的数字化零售解决方案。截至最新统计，该项目已收录 24 条 CVE 漏洞，历史高危问题多集中于远程代码执行、跨站脚本及权限绕过等类型，反映出其在输入验证与访问控制方面曾存在显著缺陷。尽管部分漏洞已修复，但鉴于其处理用户生成内容及支付数据的特性，安全配置与依赖更新仍是运维重点，建议管理员密切关注官方补丁以防范潜在风险。

Top products by yaycommerce: YayMail – WooCommerce Email Customizer YaySMTP YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service SMTP for SendGrid – YaySMTP SMTP for Amazon SES – YaySMTP YayExtra YayCurrency YayMail YayExtra – WooCommerce Extra Product Options Brand SMTP for Sendinblue – YaySMTP SMTP for Amazon SES YayPricing

CVEs 24

CVE ID	标题	CVSS	风险等级	Published
CVE-2026-39496	WordPress plugin YayMail SQL注入漏洞 — YayMailCWE-89	7.6	High	2026-04-08
CVE-2025-67994	WordPress plugin YayCurrency 安全漏洞 — YayCurrencyCWE-862	7.5	High	2026-02-20
CVE-2026-27327	WordPress plugin YayMail – WooCommerce Email Customizer 安全漏洞 — YayMailCWE-862	4.3	Medium	2026-02-19
CVE-2026-1831	WordPress plugin YayMail - WooCommerce Email Customizer 安全漏洞 — YayMail – WooCommerce Email CustomizerCWE-862	2.7	Low	2026-02-18
CVE-2026-1943	WordPress plugin YayMail – WooCommerce Email Customizer 跨站脚本漏洞 — YayMail – WooCommerce Email CustomizerCWE-79	4.4	Medium	2026-02-18
CVE-2026-1938	WordPress plugin YayMail – WooCommerce Email Customizer 安全漏洞 — YayMail – WooCommerce Email CustomizerCWE-862	5.3	Medium	2026-02-18
CVE-2026-1937	WordPress plugin YayMail – WooCommerce Email Customizer 安全漏洞 — YayMail – WooCommerce Email CustomizerCWE-862	7.2	High	2026-02-18
CVE-2025-60077	WordPress plugin YayPricing 安全漏洞 — YayPricingCWE-862	7.5	High	2025-12-18
CVE-2025-60114	WordPress plugin YayCurrency 代码注入漏洞 — YayCurrencyCWE-94	6.6	Medium	2025-09-26
CVE-2025-48161	WordPress plugin YaySMTP SQL注入漏洞 — YaySMTPCWE-89	7.6	High	2025-07-16
CVE-2025-48299	WordPress plugin YayExtra SQL注入漏洞 — YayExtraCWE-89	7.6	High	2025-07-16
CVE-2025-48301	WordPress plugin SMTP for SendGrid – YaySMTP SQL注入漏洞 — SMTP for SendGrid – YaySMTPCWE-89	7.6	High	2025-07-16
CVE-2025-54043	WordPress plugin SMTP for Amazon SES SQL注入漏洞 — SMTP for Amazon SESCWE-89	7.6	High	2025-07-16
CVE-2025-53256	WordPress plugin YaySMTP SQL注入漏洞 — YaySMTPCWE-89	7.6	High	2025-06-27
CVE-2025-47587	WordPress plugin YaySMTP SQL注入漏洞 — YaySMTPCWE-89	7.6	High	2025-05-07
CVE-2025-3434	WordPress plugin YaySMTP 跨站脚本漏洞 — SMTP for Amazon SES – YaySMTPCWE-79	7.2	High	2025-04-11
CVE-2025-31415	WordPress plugin YayExtra 安全漏洞 — YayExtraCWE-862	7.6	High	2025-04-01
CVE-2025-0957	WordPress plugin SMTP for Amazon SES 跨站脚本漏洞 — SMTP for Amazon SES – YaySMTPCWE-79	7.2	High	2025-02-22
CVE-2025-0953	WordPress plugin SMTP for Sendinblue 跨站脚本漏洞 — SMTP for Sendinblue – YaySMTPCWE-79	7.2	High	2025-02-22
CVE-2025-0918	WordPress plugin SMTP for SendGrid 跨站脚本漏洞 — SMTP for SendGrid – YaySMTPCWE-79	7.2	High	2025-02-22
CVE-2025-0916	WordPress plugin YaySMTP and Email Logs 跨站脚本漏洞 — YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP ServiceCWE-79	7.2	High	2025-02-19
CVE-2024-54348	WordPress plugin Brand 跨站脚本漏洞 — BrandCWE-79	6.5	Medium	2024-12-16
CVE-2024-7257	WordPress plugin YayExtra 安全漏洞 — YayExtra – WooCommerce Extra Product OptionsCWE-434	9.8	Critical	2024-08-03
CVE-2023-3093	WordPress Plugin YaySMTP 跨站脚本漏洞 — YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP ServiceCWE-79	7.2	High	2023-07-12

本页汇总了 yaycommerce 厂商截至目前公开的全部 24 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接，并附带 AI 生成的中文分析以便快速判断风险。

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

yaycommerce 厂商漏洞列表 / CVE 中文分析 24

目标达成感谢每一位支持者 — 我们达成了 100% 目标！