6 matches found
CVE-2026-43880
WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/sendEmail.json.php exposes two branches depending on whether contactForm=1 is submitted. When the parameter is omitted, the endpoint sets $sendTo to an attacker-supplied email and, for unauthenticated...
WordPress Frontend File Manager Plugin plugin <= 23.5 - Unauthenticated Arbitrary Email Sending vulnerability
Unauthenticated Arbitrary Email Sending vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Frontend File Manager versions = 23.5...
WordPress AIomatic - Automatic AI Content Writer plugin <= 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability
WordPress AIomatic - Automatic AI Content Writer plugin = 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability discovered by István Márton - Wordfence in WordPress Plugin Aiomatic versions = 2.0.5...
CVE-2025-12895
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kaliumvccontactformrequest function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...
CVE-2025-10873
CVE-2025-10873 : ElementInvader Addons for Elementor (WordPress) before 1.4.1 allows an unauthenticated user to send arbitrary emails to arbitrary addresses due to a missing authorization check on the elementinvader_addons_for_elementor_forms_send_form action. Affected plugin versions are prior t...
WordPress WooCommerce Dropshipping plugin <= 5.1.2 - Unauthenticated Arbitrary Email Sending vulnerability
Unauthenticated Arbitrary Email Sending vulnerability discovered by Dave Jong Patchstack in WordPress Plugin WooCommerce Dropshipping versions = 5.1.2...