CVE-2026-5306

The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks when the email encoder setting is enabled...

CVE-2026-3090

The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eventtype’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...

CVE-2025-13587

The Two Factor 2FA Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS882FAVE::wplogin method only enforces the 2FA requirement if the 'token' HTTP GET parameter is undefined, which makes i...

WordPress Two Factor (2FA) Authentication via Email plugin <= 1.9.8 - Two-Factor Authentication Bypass via token vulnerability

Two-Factor Authentication Bypass via token vulnerability discovered by Ulyses Saicha in WordPress Plugin Two Factor 2FA Authentication via Email versions = 1.9.8...

CVE-2025-13587

The Two Factor 2FA Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS882FAVE::wplogin method only enforces the 2FA requirement if the 'token' HTTP GET parameter is undefined, which makes i...

CVE-2025-13587 Two Factor (2FA) Authentication via Email <= 1.9.8 - Two-Factor Authentication Bypass via token

The Two Factor 2FA Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS882FAVE::wplogin method only enforces the 2FA requirement if the 'token' HTTP GET parameter is undefined, which makes i...

CVE-2025-13587 Two Factor (2FA) Authentication via Email <= 1.9.8 - Two-Factor Authentication Bypass via token

The Two Factor 2FA Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS882FAVE::wplogin method only enforces the 2FA requirement if the 'token' HTTP GET parameter is undefined, which makes i...

CVE-2025-69102

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Boopathi Rajan WP Test Email wp-test-email allows Reflected XSS.This issue affects WP Test Email: from n/a through = 1.1.7...

CVE-2025-69102

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Boopathi Rajan WP Test Email wp-test-email allows Reflected XSS.This issue affects WP Test Email: from n/a through = 1.1.7...

CVE-2025-69102 WordPress WP Test Email plugin <= 1.1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Boopathi Rajan WP Test Email wp-test-email allows Reflected XSS.This issue affects WP Test Email: from n/a through = 1.1.7...

CVE-2016-10934

The check-email plugin before 0.5.2 for WordPress has XSS...

CVE-2025-15018

The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its 'randompassword' filter to registration contexts, allowing the filter to affect password reset key...

CVE-2025-15018 Optional Email <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover

The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its 'randompassword' filter to registration contexts, allowing the filter to affect password reset key...

WordPress Optional Email plugin <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover vulnerability

Unauthenticated Privilege Escalation to Account Takeover vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Optional Email versions = 1.3.11...

WordPress plugin Optional Email 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPre...

PT-2026-1599

Name of the Vulnerable Software and Affected Versions Optional Email versions prior to 1.3.12 Description The Optional Email plugin for WordPress is susceptible to a privilege escalation issue leading to account takeover. This occurs because the plugin does not limit the 'random password' filter ...

WordPress Hide Email Address plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Hide Email Address plugin has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the inlinecss...

CVE-2025-10019

CVE-2025-10019 is an authorization bypass affecting the WordPress plugin Contact Form Email (contact-form-to-email) up to version 1.3.60. The issue arises from a user-controlled key that enables an improper access-control security level, effectively exposing an insecure direct object reference (I...

CVE-2025-14165

The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. This is due to missing nonce validation on the plugin's settings page. This makes it possible for unauthenticated attackers to modify the plugin's...

EUVD-2025-202990

The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. This is due to missing nonce validation on the plugin's settings page. This makes it possible for unauthenticated attackers to modify the plugin's...