Lucene search
K

9 matches found

NVD
NVD
added 2026/06/24 10:16 p.m.6 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS0.00218EPSS
Exploits1References1
CVE
CVE
added 2026/06/24 9:38 p.m.10 views

CVE-2026-49979

Appsmith prior to version 1.99 exposes a vulnerability in the POST /api/v1/admin/send-test-email endpoint. An attacker can supply smtpHost and smtpPort values to establish a raw JavaMail TCP connection, bypassing WebClientUtils.IP_CHECK_FILTER (which only applies to Spring WebClient HTTP requests...

5.1CVSS5.9AI score0.00218EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/05/28 12:30 a.m.14 views

EUVD-2026-32678

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...

4.3CVSS5.9AI score0.00275EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:46 a.m.4 views

CVE-2025-14070

The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sendtestemail' AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

7.5CVSS6AI score0.0039EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/07 9:21 a.m.4 views

CVE-2025-14070 Reviewify <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation

The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sendtestemail' AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

7.5CVSS5.9AI score0.0039EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/07 9:21 a.m.23 views

CVE-2025-14070 Reviewify <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation

The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sendtestemail' AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

7.5CVSS0.0039EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.5 views

WordPress plugin Reviewify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

7.5CVSS6.3AI score0.0039EPSS
Exploits0References4
Snyk
Snyk
added 2025/04/08 11:42 a.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the sendTestEmailAction function, which is accessible via the send-test-email endpoint. An attacker can have unescaped HTML rendered by injecting it into the content parameter of the email. Note: Javascript...

4.8CVSS5.3AI score0.00222EPSS
Exploits0References2
CNVD
CNVD
added 2019/12/26 12:0 a.m.1 views

WordPress Email Subscribers & Newsletters Elevation of Privilege Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Email Subscribers & Newsletters is an email subscription and newsletter plugin used in it. An elevation of privilege vulnerability exis...

4.3CVSS6.9AI score0.01016EPSS
Exploits1References1
Rows per page
Query Builder