WordPress WP Test Email plugin <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Silent Breach in WordPress Plugin WP Test Email versions = 1.1.8...

CVE-2024-0866

The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the checknonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The acti...

CVE-2025-23676

CVE-2025-23676 affects LH Email (WordPress LH Email plugin). The Red Hat advisory notes an Improper Neutralization of Input leading to Reflected XSS in LH Email up to version 1.12. The vulnerability is described as Reflected XSS in LH Email with unpatched status per the LH Email entry. Connected ...

CVE-2025-23676 WordPress LH Email plugin <= 1.12 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shawfactor LH Email lh-email allows Reflected XSS.This issue affects LH Email: from n/a through = 1.12...

WordPress plugin LH Email 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress LH Email plugin <= 1.12 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin LH Email versions = 1.12...

WordPress WP e-Commerce Style Email plugin <= 0.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin WP e-Commerce Style Email versions = 0.6.2...

WordPress Send Users Email Plugin <= 1.5.1 is vulnerable to Sensitive Data Exposure

Software Send Users Email Type Plugin Vulnerable versions = 1.5.1 Fixed in 1.5.2 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-38760 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 13aaf3930e9f Credits Joshua...

WordPress Email Subscribers & Newsletters Plugin <= 5.7.15 is vulnerable to Cross Site Scripting (XSS)

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.15 Fixed in 5.7.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2656 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a734d5d11361 Credits Peter1...

Cross site scripting

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. Th...

Contact Form Email < 1.3.42 - Captcha Bypass

Description The Contact Form Email plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.3.41. This makes it possible for unauthenticated attackers to bypass the Captcha Verification...

CVE-2023-27605 WordPress WP Reroute Email Plugin <= 1.4.6 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6...

WordPress Plugin WP Reroute Email SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WP Reroute...

CVE-2023-45008

CVE-2023-45008 affects the WPJohnny Comment Reply Email plugin for WordPress (versions ≤ 1.0.3). The vulnerability is an authenticated (admin+) Stored Cross-Site Scripting (XSS) flaw arising from insufficient input validation/escaping in the plugin, enabling an admin or higher-privileged user to ...

WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to Cross Site Scripting (XSS)

Software Email posts to subscribers Type Plugin Vulnerable versions = 6.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41736 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c95df690c8f5 Credits Rafshanzani Suha...

CVE-2023-3721

The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-3721 WP-EMail < 2.69.1 - Admin+ Stored Cross-Site Scripting

The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2023-25830 · WordPress · Wp-Email

Name of the Vulnerable Software and Affected Versions: WP-EMail WordPress plugin versions prior to 2.69.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...

WP Reroute Email < 1.4.8 - Cross-Site Request Forgery

Description Cross-Site Request Forgery CSRF vulnerability in Sajjad Hossain WP Reroute Email plugin = 1.4.6 versions...

WordPress Contact Form Email Plugin < 1.3.38 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Email Type Plugin Vulnerable versions 1.3.38 Fixed in 1.3.38 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2718 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 3c1617231fe6 Credits Andreas Damen...