Lucene search
K

95 matches found

Cvelist
Cvelist
added 2025/07/16 9:22 a.m.9 views

CVE-2025-6993 Ultimate WP Mail 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details Function

The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the getemaillogdetails AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied postid and retrieves the corresponding email log post content including the...

7.5CVSS0.00441EPSS
Exploits0References4
CVE
CVE
added 2025/07/16 9:22 a.m.33 views

CVE-2025-6993

CVE-2025-6993 affects the Ultimate WP Mail plugin for WordPress (versions 1.0.17–1.3.6). The vulnerability arises from improper authorization in the get_email_log_details AJAX handler, which reads client-supplied post_id and returns the corresponding email log content (including the admin passwor...

8.8CVSS6.3AI score0.00441EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.6 views

WordPress plugin Ultimate WP Mail 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.6AI score0.00441EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.4 views

PT-2025-29716 · WordPress · The Ultimate Wp Mail

Name of the Vulnerable Software and Affected Versions: The Ultimate WP Mail versions 1.0.17 through 1.3.6 Description: The plugin is susceptible to privilege escalation due to insufficient authorization within the get email log details AJAX handler. The handler retrieves email log post content,...

8.8CVSS6.6AI score0.00441EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/23 3:23 a.m.9 views

CVE-2023-52233

Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6...

9.8CVSS7AI score0.00367EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:3 p.m.8 views

CVE-2021-24924

The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.2AI score0.008EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.6 views

CVE-2021-24758

The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections...

8.8CVSS7.1AI score0.01292EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:50 a.m.8 views

CVE-2019-18982

bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header...

6.1CVSS6.9AI score0.01088EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:9 p.m.8 views

CVE-2024-0867

The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the checknonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the...

8.1CVSS7.3AI score0.00824EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/08/14 12:0 a.m.16 views

WordPress Post SMTP Mailer/Email Log Plugin < 2.8.8 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpexperts:postsmtp"; ifdescription...

7.2CVSS6.1AI score0.00941EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2024/08/14 12:0 a.m.25 views

WordPress Post SMTP Mailer/Email Log Plugin < 2.8.7 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpexperts:postsmtp"; ifdescription...

9.8CVSS6.7AI score0.90339EPSS
Exploits10References4
WPVulnDB
WPVulnDB
added 2024/06/14 12:0 a.m.22 views

Easy WP SMTP by SendLayer < 2.3.1 - Exposure of Sensitive Information via the UI

Description The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This make...

2.7CVSS6.2AI score0.00336EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/06/13 8:31 a.m.72 views

CVE-2024-3073

CVE-2024-3073 : Easy WP SMTP by SendLayer (WordPress plugin)

2.7CVSS3.9AI score0.00336EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/11 12:0 a.m.5 views

PT-2024-14497 · Unknown · Post Smtp Mailer/Email Log

Name of the Vulnerable Software and Affected Versions: Post SMTP Mailer/Email Log versions n/a through 2.8.6 Description: The issue is related to a Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log. Recommendations: For Post SMTP Mailer/Email Log versions n/a through...

9.8CVSS6.7AI score0.00367EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.7 views

WordPress plugin Post SMTP Mailer/Email Log security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

9.8CVSS6.7AI score0.00367EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/05/24 6:53 a.m.5 views

WordPress Email Log plugin <= 2.4.8 - Unauthenticated Hook Injection vulnerability

Unauthenticated Hook Injection vulnerability discovered by Sean Murphy in WordPress Plugin Email Log versions = 2.4.8...

8.1CVSS7.3AI score0.00824EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/05/24 6:15 a.m.20 views

CVE-2024-0867

The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the checknonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the...

8.1CVSS8.2AI score0.00824EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/24 5:30 a.m.26 views

CVE-2024-0867 Email Log <= 2.4.8 - Unauthenticated Hook Injection

The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the checknonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the...

8.1CVSS8.2AI score0.00824EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/24 5:30 a.m.9 views

CVE-2024-0867 Email Log <= 2.4.8 - Unauthenticated Hook Injection

The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the checknonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the...

8.1CVSS8.2AI score0.00824EPSS
Exploits0References3
CVE
CVE
added 2024/05/24 5:30 a.m.58 views

CVE-2024-0867

CVE-2024-0867 – Email Log (WordPress) vulnerability : Unauthenticated Hook Injection in all versions up to 2.4.8 via check_nonce. An attacker can execute actions with hooks without authentication under conditions where a nonce check is present and a nonce is known, and where there is no capabilit...

8.1CVSS8.2AI score0.00824EPSS
Exploits0References3
Rows per page
Query Builder