YaySMTP – Simple WP SMTP Mail Security Vulnerabilities
Cinterion EHS5 3G UMTS/HSPA Module Research
Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many...
6.4CVSS
8.2AI Score
0.001EPSS
The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....
2.7CVSS
EPSS
The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....
2.7CVSS
3.5AI Score
EPSS
CVE-2024-3073 Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI
The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible....
2.7CVSS
EPSS
Vulnerability in program/lib/Roundcube/rcube_string_replacer.php component of RoundCube mail client Webmail exists due to failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow a remote attacker to conduct a cross-site scripting (XSS)...
6.1CVSS
6.2AI Score
0.113EPSS
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....
7.1CVSS
7.1AI Score
0.001EPSS
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Summary By combining two vulnerabilities (an Open Redirect and session token sent as URL query parameter) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click)....
7.1CVSS
7.1AI Score
0.001EPSS
SummerNote Cross Site Scripting Vulnerability
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...
6.1AI Score
0.0004EPSS
SummerNote Cross Site Scripting Vulnerability
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...
6.1AI Score
0.0004EPSS
0.0004EPSS
6.2AI Score
0.0004EPSS
GNU Debugger v8.2 to v14.2 was discovered to contain a buffer overflow via the component gdb.selected_inferior().read_memory at...
0.0004EPSS
GNU Debugger v8.2 to v14.2 was discovered to contain a buffer overflow via the component gdb.selected_inferior().read_memory at...
7.5AI Score
0.0004EPSS
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site...
9.8CVSS
0.001EPSS
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site...
9.8CVSS
9.4AI Score
0.001EPSS
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site...
9.8CVSS
0.001EPSS
Using AI for Political Polling
Public polling is a critical function of modern political campaigns and movements, but it isn't what it once was. Recent US election cycles have produced copious postmortems explaining both the successes and the flaws of public polling. There are two main reasons polling fails. First, nonresponse.....
6.5AI Score
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Gangesh Matta Simple Org Chart.This issue affects Simple Org Chart: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Gangesh Matta Simple Org Chart.This issue affects Simple Org Chart: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Missing Authorization vulnerability in Afzal Multani WP Clone Menu.This issue affects WP Clone Menu: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in Afzal Multani WP Clone Menu.This issue affects WP Clone Menu: from n/a through...
5.4CVSS
5.6AI Score
0.0004EPSS
CVE-2024-4898-Poc CVE-2024-4898 InstaWP Connect – 1-click WP...
9.8CVSS
7.1AI Score
0.001EPSS
CVE-2023-40603 WordPress Simple Org Chart plugin <= 2.3.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Gangesh Matta Simple Org Chart.This issue affects Simple Org Chart: from n/a through...
5.3CVSS
0.0004EPSS
CVE-2023-44234 WordPress WP GPX Maps plugin <= 1.7.08 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through...
4.3CVSS
7.2AI Score
0.0004EPSS
CVE-2023-44234 WordPress WP GPX Maps plugin <= 1.7.08 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through...
4.3CVSS
0.0004EPSS
CVE-2023-38395 WordPress WP Clone Menu plugin <= 1.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Afzal Multani WP Clone Menu.This issue affects WP Clone Menu: from n/a through...
5.4CVSS
0.0004EPSS
Missing Authorization vulnerability in Brett Shumaker Simple Staff List.This issue affects Simple Staff List: from n/a through...
4.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Brett Shumaker Simple Staff List.This issue affects Simple Staff List: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
CVE-2023-51526 WordPress Simple Staff List plugin <= 2.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brett Shumaker Simple Staff List.This issue affects Simple Staff List: from n/a through...
4.3CVSS
0.0004EPSS
[SECURITY] Fedora 39 Update: singularity-ce-3.11.5^20240603gbd4675f-1.fc39
SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and...
8.3CVSS
7AI Score
0.0005EPSS
[SECURITY] Fedora 40 Update: php-8.3.8-1.fc40
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
9.8CVSS
7.3AI Score
0.973EPSS
GNU Debugger v8.2 to v14.2 was discovered to contain a buffer overflow via the component gdb.selected_inferior().read_memory at...
0.0004EPSS
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...
0.0004EPSS
Patch Tuesday, June 2024 “Recall” Edition
Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond's flagship operating system.....
9.8CVSS
8.9AI Score
0.003EPSS
Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review
Microsoft's June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month's release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let's dive into the crucial insights from Microsoft's Patch...
9.8CVSS
9.3AI Score
0.003EPSS
Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform.This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform.This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through...
5.3CVSS
5.3AI Score
0.0004EPSS
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website.This issue affects Preloader for Website: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website.This issue affects Preloader for Website: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website.This issue affects Preloader for Website: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website.This issue affects Preloader for Website: from n/a through...
5.3CVSS
6.9AI Score
0.0004EPSS
Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through...
8.6CVSS
0.0004EPSS
Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through...
5.3CVSS
5.4AI Score
0.0004EPSS
Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through...
8.6CVSS
8.6AI Score
0.0004EPSS
Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform.This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through...
5.3CVSS
0.0004EPSS
Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform.This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through...
5.3CVSS
7.2AI Score
0.0004EPSS
Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through...
8.6CVSS
0.0004EPSS