84 matches found
WordPress Email Encoder plugin < 2.4.7 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Email Encoder Bundle versions 2.4.7...
WordPress Email Encoder Premium plugin < 0.3.12 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Email Encoder Premium versions 0.3.12...
CVE-2026-5776
The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...
CVE-2026-5306
The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled...
CVE-2026-2840
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eebmailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-7083
The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2026-5776
The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...
EUVD-2026-31068
The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...
CVE-2026-5776
The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...
CVE-2026-5776 Email Encoder < 2.4.7 - Unauthenticated Stored XSS
The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...
CVE-2026-5776 Email Encoder < 2.4.7 - Unauthenticated Stored XSS
The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...
CVE-2026-5776
The CVE concerns the Email Encoder WordPress plugin prior to version 2.4.7. The root cause is failure to escape email addresses retrieved from user input, enabling unauthenticated stored XSS when affected data is rendered. Affected product: Email Encoder plugin for WordPress; vulnerable component...
WordPress plugin Email Encoder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
PT-2026-42111
The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...
CVE-2026-5306
The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled...
EUVD-2026-25995
The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled...
PT-2026-35668
The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled...
WordPress Email Encoder plugin < 2.3.4 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Encoder Bundle versions 2.3.4...
EUVD-2024-55553
The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-7083
The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...