27 matches found
WordPress Responsive Blocks plugin <= 2.2.0 - Unauthenticated Open Email Relay via REST API 'email_to' Parameter vulnerability
Unauthenticated Open Email Relay via REST API 'email_to' Parameter vulnerability discovered by Even S in WordPress Plugin Responsive Blocks versions <= 2.2.0...
EUVD-2026-18502
Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...
WordPress Frontend File Manager Plugin plugin <= 23.5 - Unauthenticated Arbitrary Email Sending vulnerability
Unauthenticated Arbitrary Email Sending vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Frontend File Manager versions <= 23.5...
WordPress AIomatic - Automatic AI Content Writer plugin <= 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability
WordPress AIomatic - Automatic AI Content Writer plugin <= 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability discovered by István Márton - Wordfence in WordPress Plugin Aiomatic versions <= 2.0.5...
PT-2026-6301
Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.28.5.0. Description: CI4MS, a CodeIgniter 4-based CMS skeleton, contains a flaw in its authentication implementation that allows an unauthenticated attacker to determine if an email address is registered within the...
WordPress WP Directory Kit plugin <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action vulnerability
Unauthenticated Email Exposure via wdk_public_action vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin WP Directory Kit versions <= 1.4.9...
CVE-2025-12895
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kaliumvccontactformrequest function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...
PT-2025-50891
The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...
CVE-2025-10873
CVE-2025-10873: ElementInvader Addons for Elementor (WordPress) before 1.4.1 allows an unauthenticated user to send arbitrary emails to arbitrary addresses due to a missing authorization check on the elementinvader_addons_for_elementor_forms_send_form action. Affected plugin versions are prior t...
MediaWiki Security Breach
MediaWiki is a set of free and freely available web-based Wiki engines from the American Wikimedia Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a security vulnerability that stems from IP leakage to...
CVE-2024-22208
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...
WordPress WP Job Portal plugin <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending vulnerability
Missing Authorization to Unauthenticated Arbitrary Email Sending vulnerability discovered by thevietronin in WordPress Plugin WP Job Portal versions <= 2.2.6...
WordPress Ultimate Auction plugin <= 4.2.7 - Missing Authorization to Unauthenticated Email Creation vulnerability
Missing Authorization to Unauthenticated Email Creation vulnerability discovered by Lucio Sá in WordPress Plugin Ultimate Auction versions <= 4.2.7...
WordPress WooCommerce Dropshipping plugin <= 5.1.2 - Unauthenticated Arbitrary Email Sending vulnerability
Unauthenticated Arbitrary Email Sending vulnerability discovered by Dave Jong Patchstack in WordPress Plugin WooCommerce Dropshipping versions <= 5.1.2...
WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary Email Sending vulnerability
Unauthenticated Arbitrary Email Sending vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bricksforge versions <= 2.0.17...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab that stems from a user account...
CVE-2023-5054
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attacker...
WordPress Ninja Forms plugin <= 3.6.7 - Unauthenticated Email Address Disclosure vulnerability
Unauthenticated Email Address Disclosure vulnerability discovered by Agence Web Coheractio in WordPress Ninja Forms plugin versions <= 3.6.7. Solution: Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.8)...