26 matches found
CVE-2026-46584
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...
PT-2026-27432
Name of the Vulnerable Software and Affected Versions NGINX Plus and NGINX Open Source affected versions not specified Description The software contains a flaw in the ngx mail smtp module module related to how it processes Carriage Return Line Feed CRLF sequences within DNS responses. An attacker...
EUVD-2023-43891
Malicious code in bioql PyPI...
EUVD-2025-17173
Malicious code in bioql PyPI...
UBUNTU-CVE-2025-53859
NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
Jakarta Mail vulnerable to SMTP Injection
In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages...
CVE-2025-7962
In Jakarta Mail versions prior to 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages...
CVE-2025-28974
Cross-Site Request Forgery CSRF vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through = 1.0...
CVE-2025-28974
Cross-Site Request Forgery CSRF vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through = 1.0...
CVE-2025-28974
CVE-2025-28974 is a CSRF-to-Stored XSS vulnerability in the Free WP Mail SMTP (mail250) WordPress plugin. The issue affects Free WP Mail SMTP versions from n/a through 1.0, with a CVSSv3.1 base score of 7.1 (High). The connected documentation confirms the vulnerability class (CSRF leading to Stor...
CVE-2025-28974 WordPress Free WP Mail SMTP plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through = 1.0...
PT-2025-24129 · WordPress · Free Wp Mail Smtp
Name of the Vulnerable Software and Affected Versions: Free WP Mail SMTP versions 1.0 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and...
WordPress plugin Free WP Mail SMTP 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
CVE-2023-3213
The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isprintpage function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information...
WordPress WP Mail SMTP by WPForms Plugin <= 4.0.1 is vulnerable to Sensitive Data Exposure
Software WP Mail SMTP by WPForms Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.1.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6694 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 45f83918c270 Credits Guus Verbeek...
CVE-2024-6694
CVE-2024-6694 affects the WP Mail SMTP plugin for WordPress up to version 4.0.1. An authenticated admin can view the SMTP password in the SMTP Password field when viewing settings, leading to information exposure of the configured mail server credentials. The documented impact is limited to infor...
PT-2024-37803 · WordPress · Wp Mail Smtp
Name of the Vulnerable Software and Affected Versions: WP Mail SMTP plugin for WordPress versions up to, and including, 4.0.1 Description: The issue allows authenticated attackers with administrative-level access and above to view the SMTP password for the supplied server when viewing the setting...
CVE-2023-3213
The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isprintpage function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information...
Design/Logic Flaw
The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isprintpage function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information...
CVE-2023-3213 WP Mail SMTP Pro <= 3.8.0 - Missing Authorization to Information Dislcosure via is_print_page
The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isprintpage function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information...