32 matches found
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 CVSS score: 5.3, is a medium-severity information disclosure flaw that can allow unauthenticated attackers ...
@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.8), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +1091 more potentially affected by CVE-2026-25896 via fast-xml-parser (>=5.0.1 <=5.3.4)
fast-xml-parser NPM version =5.0.1, =0.5.4, =0.0.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =1.4.37, =1.6.11, =1.7.1 and more Source cves: CVE-2026-25896 Source advisory: OSV:GHSA-M7JM-9GC2-MPF2...
@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.8), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +1091 more potentially affected by CVE-2026-25896 via fast-xml-parser (>=5.0.1 <=5.3.4)
fast-xml-parser NPM version =5.0.1, =0.5.4, =0.0.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =1.4.37, =1.6.11, =1.7.1 and more Source cves: CVE-2026-25896 Source advisory: SNYK:JS-FASTXMLPARSER-15324289...
@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.8), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +988 more potentially affected by CVE-2026-25128 via fast-xml-parser (>=5.0.9 <=5.3.3)
fast-xml-parser NPM version =5.0.9, =0.5.4, =0.0.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =1.4.37, =1.6.11, =1.7.1 and more Source cves: CVE-2026-25128 Source advisory: OSV:GHSA-37QJ-FRW5-HHJH...
@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.8), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +988 more potentially affected by CVE-2026-25128 via fast-xml-parser (>=5.0.9 <=5.3.3)
fast-xml-parser NPM version =5.0.9, =0.5.4, =0.0.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =1.4.37, =1.6.11, =1.7.1 and more Source cves: CVE-2026-25128 Source advisory: SNYK:JS-FASTXMLPARSER-15155603...
EUVD-2025-4436
Malicious code in bioql PyPI...
EUVD-2025-21660
Malicious code in bioql PyPI...
CVE-2025-54043
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce SMTP for Amazon SES smtp-amazon-ses allows SQL Injection.This issue affects SMTP for Amazon SES: from n/a through = 1.9...
WordPress SMTP for Amazon SES plugin <= 1.9 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Plugin SMTP for Amazon SES versions = 1.9...
CVE-2025-54043
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce SMTP for Amazon SES smtp-amazon-ses allows SQL Injection.This issue affects SMTP for Amazon SES: from n/a through = 1.9...
CVE-2025-54043
CVE-2025-54043 : WordPress SMTP for Amazon SES (YayCommerce SMTP) contains a SQL Injection in versions n/a through 1.9 due to improper neutralization of special elements in SQL commands. The CVSS v3.1 score is 7.6 (HIGH) with network attack vector, low attack complexity, and user interaction requ...
PT-2025-29764 · Yaycommerce · Yaycommerce Smtp For Amazon Ses
Name of the Vulnerable Software and Affected Versions: YayCommerce SMTP for Amazon SES versions n/a through 1.9 Description: A SQL Injection issue exists in YayCommerce SMTP for Amazon SES. The vulnerability is due to improper neutralization of special elements used in an SQL command...
WordPress plugin SMTP for Amazon SES SQL注入漏洞
WordPress SMTP for Amazon SES is a plugin or configuration solution for sending emails via Amazon Simple Email Service in WordPress sites. WordPress SMTP for Amazon SES suffers from a SQL injection vulnerability that stems from improper input neutralization, and no detailed vulnerability details...
CVE-2025-3434
The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-3434
The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress SMTP for Amazon SES – YaySMTP plugin <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs vulnerability
Unauthenticated Stored Cross-Site Scripting via Email Logs vulnerability discovered by zer0gh0st in WordPress Plugin SMTP for Amazon SES versions = 1.8...
CVE-2025-0957
The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
CVE-2025-0957 Vulnerability: SMTP for Amazon SES <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs
The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
CVE-2025-0957
CVE-2025-0957 : The WordPress plugin “SMTP for Amazon SES – YaySMTP” is vulnerable to unauthenticated stored XSS up to version 1.7.1 due to insufficient input sanitization and output escaping. This allows an attacker to inject scripts on pages that execute when a user visits the page. Affected p...
CVE-2025-0957 Vulnerability: SMTP for Amazon SES <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs
The SMTP for Amazon SES – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...