27 matches found
GHSA-9PM8-VWC5-W2HM Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID
Impact: Authenticated users can delete emails imported into the system assigned to another user; where the Email Dropbox is in use. Patches: Fixed in v0.26.0. Workarounds: Disable use of email dropbox...
GHSA-RFQ9-4WCM-64GH ImapEngine affected by command injection via the ID command parameters
Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...
EUVD-2007-5988
Malware in sbrugna...
EUVD-2002-2298
Malware in sbrugna...
EUVD-2021-31582
Malicious code in bioql PyPI...
CVE-2024-5808
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2023-6611
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAILID leads to sql injection. The exploit has been disclosed to the public and may be used...
CVE-2002-2320
MySimpleNews 1.0 allows remote attackers to delete arbitrary email messages via a direct request to vider.php3...
WordPress Email Keep plugin <= 1.1 - Email Deletion via CSRF vulnerability
Email Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Email Keep versions <= 1.1...
Exploit for CVE-2025-24587
CVE-2025-24587 1️⃣ Component type WordPress plugin 2️⃣ ...
WordPress WP Ajax Contact Form plugin <= 2.2.2 - Arbitrary Email Deletion via CSRF vulnerability
Arbitrary Email Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Ajax Contact Form versions <= 2.2.2...
CVE-2024-5808 WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
WordPress plugin WP Ajax Contact Form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
PT-2024-37171 · WordPress · Wp Ajax Contact Form
Name of the Vulnerable Software and Affected Versions: WP Ajax Contact Form WordPress plugin versions 2.2.2 and earlier Description: The issue concerns a lack of CSRF check when deleting emails from the email list. This could allow attackers to make a logged-in admin perform such an action via a...
WordPress ContentLock plugin <= 1.0.3 - Groups/Emails Deletion via CSRF vulnerability
Groups/Emails Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin ContentLock versions <= 1.0.3...
Mailhog 1.0.1 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS) Google Dork: https://www.shodan.io/search?query=mailhog 3500 Exploit Author: Vulnz Vendor Homepage: https://github.com/mailhog/MailHog Software Link: https://github.com/mailhog/MailHog Version: 1.0.1 Tested on: Windows,Linux,Docker CV...
Mailhog 1.0.1 Cross Site Scripting
Exploit Title: Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS) Google Dork: https://www.shodan.io/search?query=mailhog 3500 Date: 06.18.2022 Exploit Author: Vulnz Vendor Homepage: https://github.com/mailhog/MailHog Software Link: https://github.com/mailhog/MailHog Version: 1.0.1 Tested on:...
CVE-2021-44777
Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin versions = 5.2.6...