Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2026-43880

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/sendEmail.json.php exposes two branches depending on whether contactForm=1 is submitted. When the parameter is omitted, the endpoint sets $sendTo to an attacker-supplied email and, for unauthenticated...

5.3CVSS5.6AI score0.00229EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/17 11:44 a.m.14 views

WordPress Frontend File Manager Plugin plugin <= 23.5 - Unauthenticated Arbitrary Email Sending vulnerability

Unauthenticated Arbitrary Email Sending vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Frontend File Manager versions = 23.5...

5.8CVSS5.4AI score0.00682EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 7:51 a.m.9 views

WordPress AIomatic - Automatic AI Content Writer plugin <= 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability

WordPress AIomatic - Automatic AI Content Writer plugin = 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability discovered by István Márton - Wordfence in WordPress Plugin Aiomatic versions = 2.0.5...

5.8CVSS5.3AI score0.00349EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/16 2:23 p.m.13 views

CVE-2025-12895

The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kaliumvccontactformrequest function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...

5.3CVSS5.6AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2025/11/05 6:0 a.m.22 views

CVE-2025-10873

CVE-2025-10873 : ElementInvader Addons for Elementor (WordPress) before 1.4.1 allows an unauthenticated user to send arbitrary emails to arbitrary addresses due to a missing authorization check on the elementinvader_addons_for_elementor_forms_send_form action. Affected plugin versions are prior t...

5.3CVSS6.6AI score0.00224EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/06/06 6:45 p.m.5 views

WordPress WooCommerce Dropshipping plugin <= 5.1.2 - Unauthenticated Arbitrary Email Sending vulnerability

Unauthenticated Arbitrary Email Sending vulnerability discovered by Dave Jong Patchstack in WordPress Plugin WooCommerce Dropshipping versions = 5.1.2...

5.3CVSS7AI score0.00313EPSS
Exploits0Affected Software1
Rows per page
Query Builder