Lucene search
K

16 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-11402

Malware in sbrugna...

6.8CVSS6.6AI score0.0054EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.10 views

CVE-2021-24490

The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...

6.8CVSS6.9AI score0.0054EPSS
Exploits2References1
OSV
OSV
added 2021/09/13 6:15 p.m.6 views

CVE-2021-24490

The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...

6.8CVSS5.8AI score0.0054EPSS
Exploits2References1
NVD
NVD
added 2021/09/13 6:15 p.m.14 views

CVE-2021-24490

The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...

6.8CVSS0.0054EPSS
Exploits2References1
Prion
Prion
added 2021/09/13 6:15 p.m.17 views

Cross site request forgery (csrf)

The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...

6CVSS6.7AI score0.0054EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/09/13 5:56 p.m.60 views

CVE-2021-24490

The CVE-2021-24490 entry concerns the WordPress plugin Email Artillery (MASS EMAIL) up to version 4.1, where the Import Emails feature allows arbitrary file uploads due to improper validation and also lacks CSRF protection. The root cause is failure to properly check uploaded files and the absenc...

6.8CVSS6.7AI score0.0054EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/09/13 5:56 p.m.20 views

CVE-2021-24490 Email Artillery <= 4.1 - Arbitrary File Upload

The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...

6.9AI score0.0054EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/09/13 12:0 a.m.3 views

WordPress 插件代码问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in the WordPress plugin that stems from the Email Artillery MASS EMAIL plugin...

6.8CVSS6.8AI score0.0054EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/08/16 12:0 a.m.12 views

Email Artillery <= 4.1 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise, validate or escape some user input before outputting back in pages leading to Reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin PoC https://example.com/wp-admin/admin.php?page=etmbu-all-posts=yes=no="="...

Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/16 12:0 a.m.11 views

Email Artillery <= 4.1 - Multiple Authenticated SQL Injections

The plugin does not sanitise, validate or escape some user input before using it in SQL statements in the admin dashboard, leading to SQL Injections PoC https://example.com/wp-admin/admin.php?page=etmbu-all-posts=yesid=1%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5aa...

Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/16 12:0 a.m.20 views

Email Artillery <= 4.1 - Arbitrary File Upload

The plugin does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denyin...

6.8CVSS6.5AI score0.0054EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/16 12:0 a.m.13 views

Email Artillery <= 4.1 - CSRF to Stored XSS

The plugin does not sanitise, validate or escape its settings, and is lacking any CSRF check before saving them. As a result, an attacker could make a logged in admin change them and put malicious JavaScript code as well, leading to Stored Cross-Site Scripting issues. PoC...

1.4AI score
Exploits0Affected Software1
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.477 views

Email Artillery <= 4.1 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise, validate or escape some user input before outputting back in pages leading to Reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin...

0.6AI score
Exploits0
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.543 views

Email Artillery <= 4.1 - Multiple Authenticated SQL Injections

The plugin does not sanitise, validate or escape some user input before using it in SQL statements in the admin dashboard, leading to SQL Injections https://example.com/wp-admin/admin.php?page=etmbu-all-posts&s=yes&postid=1%20AND%20SELECT%2042%20FROM%20SELECTSLEEP5aa...

1.3AI score
Exploits0
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.509 views

Email Artillery <= 4.1 - CSRF to Stored XSS

The plugin does not sanitise, validate or escape its settings, and is lacking any CSRF check before saving them. As a result, an attacker could make a logged in admin change them and put malicious JavaScript code as well, leading to Stored Cross-Site Scripting issues. alert/XSS/' /...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2021/08/16 12:0 a.m.579 views

Email Artillery <= 4.1 - Arbitrary File Upload

The plugin does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denyin...

6.8CVSS6.6AI score0.0054EPSS
Exploits2
Rows per page
Query Builder