Lucene search
K

95 matches found

CNNVD
CNNVD
added 2024/05/24 12:0 a.m.5 views

WordPress plugin Email Log 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

8.1CVSS6.6AI score0.00824EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/24 12:0 a.m.5 views

PT-2024-15876 · WordPress · Email Log

Name of the Vulnerable Software and Affected Versions: Email Log plugin for WordPress versions up to, and including, 2.4.8 Description: The issue allows unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. This is possible when the action the attacker...

8.1CVSS7AI score0.00824EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/05/24 12:0 a.m.12 views

WordPress Email Log Plugin <= 2.4.8 is vulnerable to Other Vulnerability Type

Software Email Log Type Plugin Vulnerable versions = 2.4.8 Fixed in 2.4.9 OWASP Top 10 A3: Injection Classification Other Vulnerability Type CVE CVE-2024-0867 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 7750b3ba7ece Credits Sean Murphy Required privilege...

8.1CVSS6.8AI score0.00824EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/23 12:0 a.m.11 views

Email Log < 2.4.9 - Unauthenticated Hook Injection

Description The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the checknonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The...

8.1CVSS9.6AI score0.00824EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/02/19 8:15 p.m.9 views

CVE-2024-25634

alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue...

7.2CVSS6.9AI score0.00748EPSS
Exploits1References1
CVE
CVE
added 2024/01/11 8:33 a.m.210 views

CVE-2023-6875

WordPress POST SMTP Mailer plugin (

9.8CVSS7.2AI score0.90339EPSS
In wildExploits6References4Affected Software1
Prion
Prion
added 2024/01/03 5:15 a.m.27 views

Cross site scripting

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This...

4.9CVSS6.2AI score0.00941EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2024/01/03 4:29 a.m.29 views

CVE-2023-7027 POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This...

7.2CVSS6.4AI score0.00941EPSS
Exploits2References4
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.340 views

POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting

Description The plugin does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users. 1. Install Post SMTP in version 3. Visit /wp-admin/admin.php?page=postmanemaillog Post SMTP - Email Log 4...

6.1CVSS6.1AI score0.0051EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.17 views

POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting

Description The plugin does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users. PoC 1. Install Post SMTP in version Email Log 4. Click 'View' next to the first record. 5. The message is...

6.1CVSS6.1AI score0.0051EPSS
Exploits2Affected Software1
OpenVAS
OpenVAS
added 2022/10/04 12:0 a.m.16 views

WordPress Post SMTP Mailer/Email Log Plugin < 2.1.7 SSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpexperts:postsmtp"; ifdescription...

7.2CVSS7AI score0.01039EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2022/10/04 12:0 a.m.13 views

WordPress Post SMTP Mailer/Email Log Plugin < 2.1.4 XSS Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

4.8CVSS5.3AI score0.00538EPSS
Exploits2References1
CNVD
CNVD
added 2022/09/28 12:0 a.m.17 views

WordPress Post SMTP Mailer/Email Log Server Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A server request forgery...

7.2CVSS6.9AI score0.01039EPSS
Exploits2References1
CVE
CVE
added 2022/09/26 12:35 p.m.87 views

CVE-2022-2352

CVE-2022-2352 affects the WordPress Post SMTP Mailer/Email Log plugin prior to 2.1.7. The issue is lack of proper authorization in certain AJAX actions, enabling high-privilege users (e.g., admins) to perform blind SSRF on multisite installations. Remediation is to update to version 2.1.7 or late...

7.2CVSS6.8AI score0.01039EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2022/09/16 9:15 a.m.19 views

CVE-2022-2351

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00538EPSS
Exploits2References1
CVE
CVE
added 2022/09/16 8:40 a.m.79 views

CVE-2022-2351

The CVE-2022-2351 entry applies to the WordPress Post SMTP Mailer/Email Log plugin (versions before 2.1.4). The root cause is failure to escape certain settings before output in the admin dashboard, enabling stored Cross-Site Scripting by high-privilege users even when unfiltered_html is disallow...

4.8CVSS4.8AI score0.00538EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.6 views

WordPress plugin Post SMTP Mailer/Email Log 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS5AI score0.00538EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/09/05 12:0 a.m.20 views

WordPress Post SMTP Mailer/Email Log plugin <= 2.1.6 - Authenticated Blind Server-Side Request Forgery (SSRF) vulnerability

Authenticated Blind Server-Side Request Forgery SSRF vulnerability discovered by Raad Haddad Cloudyrion GmbH in WordPress Post SMTP Mailer/Email Log plugin versions = 2.1.6. Solution Update the WordPress Post SMTP Mailer/Email Log plugin to the latest available version at least 2.1.7...

7.2CVSS1.3AI score0.01039EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2022/05/24 5:1 p.m.18 views

GHSA-M4X3-XMJV-R778 Pimcore Cross-site Scripting (XSS) vulnerability

bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header...

6.1CVSS6.2AI score0.01088EPSS
Exploits0References4
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.138 views

Log WP_Mail <= 0.1 - Email Logs Publicly Accessible

The plugin saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords. curl https://example.com/wp-content/plugins/logwpmail/log/LWPMAIL-20220330-success.log...

7.5CVSS1.8AI score0.01394EPSS
Exploits2
Rows per page
Query Builder