153 matches found
CVE-2024-3406
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Seo Panel 安全漏洞
Seo Panel is a free search engine optimization software from Seo Panel Open Source. A security vulnerability exists in Seo Panel version 4.11.0, which stems from mishandling of the email settings component and could allow a remote attacker to obtain sensitive information...
Server Side Request Forgery (SSRF)
shopxo/shopxo is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-supplied URLs in the Email Settings feature, allows attackers to manipulate the server into making arbitrary requests to internal or external resources...
CVE-2025-28093
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF in Email Settings...
Server-side Request Forgery (SSRF)
Overview shopxo/shopxo is an e-commerce system. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Email Settings. An attacker can manipulate the server into making requests to unintended locations by sending crafted inputs to the affected settings...
GHSA-GFHV-5RQH-7QX3 ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF in Email Settings...
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF in Email Settings...
CVE-2025-28093
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF in Email Settings...
CVE-2025-28093
ShopXO CVE-2025-28093 affects ShopXO v6.4.0 with a Server-Side Request Forgery (SSRF) in the Email Settings feature. Exploitation arises from insufficient validation of user-supplied URLs, enabling the server to initiate arbitrary outbound requests to internal or external resources. The CVSSv3.1 ...
CVE-2025-28093
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF in Email Settings...
CVE-2025-28093
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF in Email Settings...
PT-2025-13589 · Shopxo · Shopxo
Name of the Vulnerable Software and Affected Versions: ShopXO version 6.4.0 Description: The issue is related to Server-Side Request Forgery SSRF in the Email Settings. This means an attacker could potentially forge requests from the server, leading to unauthorized access to internal systems or...
CVE-2025-28093
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery SSRF in Email Settings...
ShopXO 安全漏洞
ShopXO is an open source enterprise-grade open source e-commerce system from ShopXO Inc. A security vulnerability exists in ShopXO version v6.4.0, which originates from server-side request forgery in email settings...
CVE-2023-51314
A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
CVE-2023-51309
A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
CVE-2023-51310
A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
CVE-2023-51297
A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
CVE-2023-51293
A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Event Booking Calendar v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
CVE-2023-51310
A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...