Lucene search
K

101 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-43773

Malicious code in bioql PyPI...

7.2CVSS6.6AI score0.00444EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.3 views

WordPress plugin Mail Baby SMTP 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

4.3CVSS6.5AI score0.00131EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/03 8:27 a.m.2 views

CVE-2025-9219 Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update

The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatepostsmtpprooptioncallback'...

4.3CVSS4.6AI score0.00225EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/28 12:37 p.m.10 views

CVE-2025-48327 WordPress WP Mailgun SMTP plugin <= 1.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in inkthemes WP Mailgun SMTP wp-mailgun-smtp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Mailgun SMTP: from n/a through = 1.0.7...

5.3CVSS0.0027EPSS
Exploits0References1
HackRead
HackRead
added 2025/07/28 4:43 p.m.7 views

Post SMTP Plugin Flaw Allowed Subscribers to Take Over Admin Accounts

If you're running a WordPress site and rely on the Post SMTP plugin for email delivery, there's something…...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:34 a.m.11 views

CVE-2023-3092

The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.3.46 due to insufficient input sanitization and output escaping when the 'Save Data SendMail' feature is enabled. This makes it possible for unauthenticated...

7.2CVSS6.9AI score0.00491EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/21 6:37 p.m.7 views

WordPress Contact Form & SMTP Plugin for WordPress by PirateForms plugin <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Contact Form & SMTP Plugin versions = 2.5.2...

6.1CVSS5.7AI score0.00257EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/27 6:15 a.m.23 views

CVE-2024-11273

The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed fo...

6.1CVSS5.8AI score0.00257EPSS
Exploits1References1
CVE
CVE
added 2025/03/25 6:0 a.m.68 views

CVE-2024-11273

CVE-2024-11273 affects the WordPress plugin "Contact Form & SMTP Plugin for WordPress by PirateForms" prior to version 2.6.0. The issue is due to insufficient sanitisation/escaping of certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admin), even when unfiltere...

6.1CVSS5.9AI score0.00257EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/03/25 12:0 a.m.4 views

WordPress plugin Contact Form & SMTP Plugin for WordPress by PirateForms 安全漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

6.1CVSS6.1AI score0.00257EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/03/25 12:0 a.m.5 views

PT-2025-12748 · WordPress · Contact Form & Smtp Plugin

Name of the Vulnerable Software and Affected Versions: The Contact Form & SMTP Plugin for WordPress by PirateForms versions prior to 2.6.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are...

6.1CVSS5.6AI score0.00257EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/03/10 6:47 a.m.16 views

CVE-2024-13844

The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS7.6AI score0.00368EPSS
Exploits0References1
NVD
NVD
added 2025/03/08 7:15 a.m.16 views

CVE-2024-13908

The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveoptions' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

7.2CVSS0.00773EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/08 7:4 a.m.10 views

CVE-2024-13908 SMTP by BestWebSoft <= 1.1.9 - Authenticated (Administrator+) Arbitrary File Upload

The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveoptions' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

7.2CVSS7.3AI score0.00773EPSS
Exploits0References3
NVD
NVD
added 2025/03/08 6:15 a.m.32 views

CVE-2024-13844

The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00368EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/08 5:30 a.m.8 views

CVE-2024-13844 Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter

The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS5.3AI score0.00368EPSS
Exploits0References4
CVE
CVE
added 2025/03/08 5:30 a.m.60 views

CVE-2024-13844

The CVE-2024-13844 entry concerns Post SMTP for WordPress. It describes an SQL Injection via the columns parameter in versions up to 3.1.2, exploitable by an authenticated Administrator+ user to append additional SQL and extract sensitive data. Wordfence notes this CVE as patched in the related v...

4.9CVSS5.2AI score0.00368EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/03/08 5:30 a.m.35 views

CVE-2024-13844 Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter

The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00368EPSS
Exploits0References4
CVE
CVE
added 2025/02/22 1:45 p.m.71 views

CVE-2025-0957

CVE-2025-0957 : The WordPress plugin “SMTP for Amazon SES – YaySMTP” is vulnerable to unaut­henticated stored XSS up to version 1.7.1 due to insufficient input sanitization and output escaping. This allows an attacker to inject scripts on pages that execute when a user visits the page. Affected p...

7.2CVSS6.2AI score0.00459EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/02/22 12:0 a.m.5 views

PT-2025-7478 · WordPress · Sendinblue – Yaysmtp

Name of the Vulnerable Software and Affected Versions: Sendinblue – YaySMTP plugin for WordPress versions up to, and including, 1.1.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers ...

7.2CVSS8.2AI score0.00332EPSS
Exploits0References12
Rows per page
Query Builder