101 matches found
EUVD-2023-43773
Malicious code in bioql PyPI...
WordPress plugin Mail Baby SMTP 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
CVE-2025-9219 Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update
The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatepostsmtpprooptioncallback'...
CVE-2025-48327 WordPress WP Mailgun SMTP plugin <= 1.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in inkthemes WP Mailgun SMTP wp-mailgun-smtp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Mailgun SMTP: from n/a through = 1.0.7...
Post SMTP Plugin Flaw Allowed Subscribers to Take Over Admin Accounts
If you're running a WordPress site and rely on the Post SMTP plugin for email delivery, there's something…...
CVE-2023-3092
The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.3.46 due to insufficient input sanitization and output escaping when the 'Save Data SendMail' feature is enabled. This makes it possible for unauthenticated...
WordPress Contact Form & SMTP Plugin for WordPress by PirateForms plugin <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Contact Form & SMTP Plugin versions = 2.5.2...
CVE-2024-11273
The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed fo...
CVE-2024-11273
CVE-2024-11273 affects the WordPress plugin "Contact Form & SMTP Plugin for WordPress by PirateForms" prior to version 2.6.0. The issue is due to insufficient sanitisation/escaping of certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admin), even when unfiltere...
WordPress plugin Contact Form & SMTP Plugin for WordPress by PirateForms 安全漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2025-12748 · WordPress · Contact Form & Smtp Plugin
Name of the Vulnerable Software and Affected Versions: The Contact Form & SMTP Plugin for WordPress by PirateForms versions prior to 2.6.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are...
CVE-2024-13844
The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-13908
The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveoptions' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to...
CVE-2024-13908 SMTP by BestWebSoft <= 1.1.9 - Authenticated (Administrator+) Arbitrary File Upload
The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveoptions' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to...
CVE-2024-13844
The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-13844 Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter
The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-13844
The CVE-2024-13844 entry concerns Post SMTP for WordPress. It describes an SQL Injection via the columns parameter in versions up to 3.1.2, exploitable by an authenticated Administrator+ user to append additional SQL and extract sensitive data. Wordfence notes this CVE as patched in the related v...
CVE-2024-13844 Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter
The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-0957
CVE-2025-0957 : The WordPress plugin “SMTP for Amazon SES – YaySMTP” is vulnerable to unauthenticated stored XSS up to version 1.7.1 due to insufficient input sanitization and output escaping. This allows an attacker to inject scripts on pages that execute when a user visits the page. Affected p...
PT-2025-7478 · WordPress · Sendinblue – Yaysmtp
Name of the Vulnerable Software and Affected Versions: Sendinblue – YaySMTP plugin for WordPress versions up to, and including, 1.1.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers ...