10 matches found
CVE-2026-0691
The CM E-Mail Blacklist – Simple email filtering for safer registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blackemail' parameter in all versions up to, and including, 1.6.2. This is due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-0691
CVE-2026-0691 applies to CM E-Mail Blacklist – Simple email filtering for safer registration (WordPress plugin) and is an authenticated Stored XSS via the black_email parameter, affecting versions up to 1.6.2. Root cause: insufficient input sanitization and output escaping; impact: authenticated ...
EUVD-2026-3144
The CM E-Mail Blacklist – Simple email filtering for safer registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blackemail' parameter in all versions up to, and including, 1.6.2. This is due to insufficient input sanitization and output escaping. This makes it...
WordPress plugin CM E-Mail Blacklist – Simple email filtering for safer registrations. Cross-site scripting vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress CM E-Mail Blacklist plugin <= 1.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'black_email' Parameter vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'blackemail' Parameter vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin CM Email Registration Blacklist and Whitelist versions <= 1.6.2...
Cross-site scripting vulnerability in multiple WordPress plugin products
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
Stored Cross-Site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization of email addresses in the email blacklist function, which allows an authenticated admin attacker to inject and execute arbitrary JavaScript into the browser...
Pimcore vulnerable to Cross Site Scripting in Email Blacklist
Impact: The attacker can execute arbitrary JavaScript and steal cookie information and use it to hijack the user's session. Patches: Update to version 10.5.18 or apply this patch manually: https://github.com/pimcore/pimcore/pull/14467.patch Workarounds: Apply...
GHSA-96HP-38WX-J3WC Pimcore vulnerable to Cross Site Scripting in Email Blacklist
Impact: The attacker can execute arbitrary JavaScript and steal cookie information and use it to hijack the user's session. Patches: Update to version 10.5.18 or apply this patch manually: https://github.com/pimcore/pimcore/pull/14467.patch Workarounds: Apply...
Stored XSS in Email Blacklist Function
Description: Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XS...