CVE-2026-56338 Capgo - Denial of Service in 2FA Email Verification via /auth/v1/otp Endpoint

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...

CVE-2026-56223 Capgo - Account Takeover via Cross-Domain SSO Email Assertion in provision-user

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

EUVD-2026-38737

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

CVE-2026-56223

Capgo

CVE-2026-9178

The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...

CVE-2026-10753 Site Kit by Google < 1.176.0 - Editor+ Email Reporting Settings Update

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...

CVE-2026-9178 WP Forms Connector <= 1.8 - Missing Authorization to Unauthenticated Information Exposure via 'user/list' REST Endpoint

The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...

CVE-2026-9619 Reviews and Rating <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via sync_reviews AJAX Action

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

EUVD-2026-38657

The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up to, and including, 1.03 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVE-2026-10091

The CVE-2026-10091 entry concerns the WordPress Email JavaScript Cloak plugin (

Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending

Frontend File Manager Plugin WordPress plugin through 23.5 contains an open relay and unauthorized file access vulnerability caused by lack of authentication and security checks, letting unauthenticated attackers send emails and access files, exploit requires no authentication. id: CVE-2026-0829...

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

JS Help Desk <= 2.8.1 - SQL Injection

The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

Sensei LMS < 4.24.2 - Email Template Leak

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. id: CVE-2024-7786 info: name: Sensei LMS 4.24.2 - Email Template Leak author: s4e-io severity: high description: | The Sensei LMS WordPress...

WordPress Core - Post Author Email Disclosure

WordPress Core is vulnerable to Sensitive Information Exposure in versions between 4.7.0 and 6.3.1 via the User REST endpoint. While the search results do not display user email addresses unless the requesting user has the 'listusers' capability, the search is applied to the useremail column. id:...

WordPress Email Newsletter - Reflected XSS

WordPress Email Newsletter plugin through 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to cra...

Strapi Versions <=4.5.5 - SSTI to Remote Code Execution

Strapi through 4.5.5 allows authenticated Server-Side Template Injection SSTI that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses t...

Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash

Email Subscribers by Icegram Express = 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter. id: CVE-2024-4295 info: name: Email Subscribers by Icegram Express = 5.7.20 - Unauthenticated SQL Injection via Hash author: iamnoooob,rootxharsh,pdresearch severity:...

b2evolution CMS <6.11.6 - Open Redirect

b2evolution CMS before 6.11.6 contains an open redirect vulnerability via the redirectto parameter in emailpassthrough.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-22840 info:...

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...