CVE-2026-1937
YayCommerce · YayMail – WooCommerce Email Customizer (WordPress Plugin)
The YayMail plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on an AJAX action, allowing authenticated attackers with Shop Manager-level access to gain administrative access.
Executive summary
Authenticated attackers with Shop Manager access can escalate their privileges to Administrator by exploiting a security flaw in the YayMail WordPress plugin.
Vulnerability
The plugin does not perform a capability check in the handler for the yaymail_import_state AJAX action. Because wp_ajax_ handlers are reachable by any logged-in user, an authenticated attacker with Shop Manager-level access can use the action to modify arbitrary WordPress options, for example enabling open registration (users_can_register) and setting the default role for new accounts (default_role) to administrator, and then registering a new administrator account.
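The following is an added illustration of the bug class described above, not code from the YayMail plugin: a generic WordPress AJAX "import state" handler that writes whatever option names the request carries, beside the hardened form. The action name example_import_state, the nonce action and the option allowlist are placeholders chosen for the example.

```php
<?php
// Added example: generic WordPress AJAX "import state" handler, NOT YayMail's code.
// The action name, nonce action and option names below are placeholders.

// --- Vulnerable pattern -------------------------------------------------------
// wp_ajax_* hooks only run for logged-in users, so any authenticated role (for
// example a WooCommerce Shop Manager) can reach this handler. Nothing checks WHO
// is calling, and every key in the submitted JSON is written straight into
// wp_options, so a caller can set users_can_register=1 and
// default_role=administrator and then self-register an administrator account.
function example_import_state_vulnerable() {
    $state = json_decode( wp_unslash( $_POST['state'] ?? '' ), true );
    if ( ! is_array( $state ) ) {
        wp_send_json_error( 'invalid state' );
    }
    foreach ( $state as $name => $value ) {
        update_option( $name, $value );   // arbitrary option write
    }
    wp_send_json_success();
}
// add_action( 'wp_ajax_example_import_state', 'example_import_state_vulnerable' );

// --- Hardened pattern ---------------------------------------------------------
const EXAMPLE_IMPORTABLE_OPTIONS = array( 'example_templates', 'example_settings' );

function example_import_state_hardened() {
    // 1. CSRF: the request must carry a nonce tied to this action.
    check_ajax_referer( 'example_import_state', 'nonce' );

    // 2. Authorization: Shop Manager has manage_woocommerce but NOT manage_options,
    //    so this rejects exactly the role the advisory describes.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $state = json_decode( wp_unslash( $_POST['state'] ?? '' ), true );
    if ( ! is_array( $state ) ) {
        wp_send_json_error( array( 'message' => 'invalid state' ), 400 );
    }

    // 3. Least privilege for the data itself: only the plugin's own options may be
    //    imported, even by an administrator, so an import blob can never touch
    //    users_can_register, default_role, siteurl, active_plugins, ...
    $written = array();
    foreach ( $state as $name => $value ) {
        if ( ! in_array( $name, EXAMPLE_IMPORTABLE_OPTIONS, true ) ) {
            continue;
        }
        update_option( $name, $value );
        $written[] = $name;
    }
    wp_send_json_success( array( 'imported' => $written ) );
}
add_action( 'wp_ajax_example_import_state', 'example_import_state_hardened' );
```

The capability check alone closes the privilege escalation; the allowlist is the second layer, because an import routine has no business writing options outside its own namespace regardless of who calls it.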
Business impact
This vulnerability enables privilege escalation, allowing lower-level staff or a compromised Shop Manager account to take full control of the WordPress site. The CVSS score of 9.8 reflects the severity of the outcome: total site compromise, with the resulting theft of customer data and intellectual property.
Remediation
Immediate Action: Update the YayMail – WooCommerce Email Customizer plugin to version 4.3.3 or later.
Proactive Monitoring: Review WordPress user roles for unauthorized new administrator accounts, and check the wp_options table for unauthorized changes to the registration settings (users_can_register and default_role).
Compensating Controls: Use a security plugin to monitor AJAX actions and restrict access to the WordPress dashboard for non-essential personnel.
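The audit described under Proactive Monitoring, as an added example that is not part of the plugin or this advisory: a WP-CLI script that reads the two registration options and lists every administrator account, newest first. It assumes WP-CLI is installed and is run from the site root with wp eval-file; the filename audit-privesc.php is a placeholder.

```php
<?php
// Added example: post-incident audit for the settings this advisory names and for
// administrator accounts. Not part of the plugin. Run from the WordPress root with
// WP-CLI:  wp eval-file audit-privesc.php
// (WP-CLI loads WordPress first, so get_option()/get_users() are available.)

$findings = array();

// 1. Registration settings a successful attacker would have flipped.
//    Defaults on a stock install: users_can_register='0', default_role='subscriber'.
$can_register = (string) get_option( 'users_can_register', '0' );
$default_role = (string) get_option( 'default_role', 'subscriber' );
if ( '0' !== $can_register ) {
    $findings[] = "users_can_register is '{$can_register}' (open registration enabled)";
}
if ( 'subscriber' !== $default_role ) {
    $findings[] = "default_role is '{$default_role}'";
}
if ( 'administrator' === $default_role ) {
    $findings[] = 'default_role is administrator: any self-registered account is an admin';
}

// 2. Every administrator, newest first. Compare against the known admin list and
//    look for accounts registered while the vulnerable version was installed.
$admins = get_users( array(
    'role'    => 'administrator',
    'orderby' => 'registered',
    'order'   => 'DESC',
) );
WP_CLI::line( sprintf( '%d administrator account(s):', count( $admins ) ) );
foreach ( $admins as $u ) {
    WP_CLI::line( sprintf( '  id=%d login=%s email=%s registered=%s',
        $u->ID, $u->user_login, $u->user_email, $u->user_registered ) );
}

// 3. Report. WP_CLI::error() exits non-zero, so this can gate a cron or CI job.
if ( empty( $findings ) ) {
    WP_CLI::success( 'Registration settings are at their defaults.' );
} else {
    foreach ( $findings as $f ) {
        WP_CLI::warning( $f );
    }
    WP_CLI::error( 'Registration settings were changed; treat as a possible compromise.' );
}
```

Default registration settings do not prove the site is clean: an attacker who created an administrator account could have restored the options afterwards, so the administrator listing is the part to reconcile against the known staff roster.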
Exploitation status
Public Exploit Available: false
Analyst recommendation
Privilege escalation vulnerabilities in popular plugins like YayMail pose a significant risk to e-commerce operations. Administrators must update the plugin to version 4.3.3 or later immediately to ensure that unauthorized users cannot seize control of the platform.