132 matches found
WordPress WP Mail Gateway plugin <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification vulnerability
Missing Authorization to Authenticated Subscriber+ SMTP Configuration Modification vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Mail Gateway versions = 1.8...
CVE-2026-6963
The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmgsaveproviderconfig AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...
CVE-2026-6963
The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmgsaveproviderconfig AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...
EUVD-2026-26736
The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmgsaveproviderconfig AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...
CVE-2026-6963 WP Mail Gateway <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification via 'wmg_save_provider_config' AJAX Action
The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmgsaveproviderconfig AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...
CVE-2026-6963 WP Mail Gateway <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification via 'wmg_save_provider_config' AJAX Action
The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmgsaveproviderconfig AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...
CVE-2026-6963
The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmgsaveproviderconfig AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...
WordPress plugin WP Mail Gateway 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-36568
Name of the Vulnerable Software and Affected Versions WP Mail Gateway versions prior to 1.9 Description The plugin is subject to unauthorized access because of a missing capability check on the 'wmg save provider config' AJAX action. Authenticated attackers with Subscriber-level access or higher...
A Lightweight Defense Mechanism against Next Generation of Phishing Emails Using Distilled Attention-Augmented BiLSTM
The current generation of large language models produces sophisticated social-engineering content that bypasses standard text screening systems in business communication platforms. Our proposed solution for mail gateway and endpoint deception detection operates in a privacy-protective manner whil...
CVE-2023-43320
An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component...
CVE-2022-35508
Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG are vulnerable to SSRF when proxying HTTP requests between pvepmgproxy and pvepmgdaemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox...
CVE-2022-35507
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...
EUVD-2018-18050
Malware in sbrugna...
EUVD-2015-8911
Malware in sbrugna...
EUVD-2013-5867
Malware in sbrugna...
EUVD-2018-18052
Malware in sbrugna...
EUVD-2015-8912
Malware in sbrugna...
EUVD-2018-18051
Malware in sbrugna...
EUVD-2020-7581
Malware in sbrugna...