Every CVE whose affected-product data names Yaycommerce Yaysmtp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2025-0953 — CVSS 7.2 (high): The SMTP for Sendinblue – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2…
CVE-2023-3093 — CVSS 7.2 (high): The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.4.5…
CVE-2025-0916 — CVSS 7.2 (high): The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable…
CVE-2025-0918 — CVSS 7.2 (high): The SMTP for SendGrid – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4…
CVE-2022-2370 — CVSS 6.5 (medium): The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the…
CVE-2022-2371 — CVSS 5.4 (medium): The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as…
CVE-2022-2372 — CVSS 4.8 (medium): The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as…
CVE-2022-2369 — CVSS 4.3 (medium): The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as…