14 matches found
WordPress Mail Mint plugin < 1.19.5 - Unauthenticated Emails Disclosure vulnerability
Unauthenticated Emails Disclosure vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Mail Mint versions 1.19.5...
CVE-2026-0829
The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access a...
CVE-2026-0829
The CVE-2026-0829 entry concerns the Frontend File Manager Plugin for WordPress (up to version 23.5). It states unauthenticated users can relay emails through the site and access/share uploaded files by guessing file IDs, exposing sensitive information and enabling spam/phishing use. The descript...
CVE-2026-0829 Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending
The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access a...
Echo Security Vulnerability
Echo is an open source community system, without front-end/back-end separation, developed by the individual developer Veal98. A security vulnerability exists in Echo versions 2.2 through 2.3 that originates in the sendEmailCodeForResetPwd endpoint that allows unauthenticated attackers to send...
CVE-2025-10873 Elementinvader Addons for Elementor < 1.4.1 – Unauthenticated Arbitrary Email Sending
The ElementInvader Addons for Elementor WordPress plugin before 1.4.1 allows unauthenticated users to send arbitrary e-mails to arbitrary addresses due to missing authorization on the elementinvaderaddonsforelementorformssendform action...
CVE-2024-13371
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the sendEmailToJobSeeker function in all versions up to, and including, 2.2.6. This makes it possible...
CVE-2024-9065
The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whpsmtpsendmailtest' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any...
CVE-2023-42508
JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body...
PT-2023-28382 · Jfrog · Jfrog Artifactory
Name of the Vulnerable Software and Affected Versions: JFrog Artifactory versions prior to 7.66.0 Description: The issue allows unauthenticated users to send emails with manipulated email bodies by abusing a specific endpoint with a specially crafted payload. Recommendations: For versions prior t...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. GitLab suffers from a security vulnerability that stems from the ability for...
ALPINE-CVE-2021-33913
libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount of overflowed data depend...
PT-2022-10299 · Exim +5 · Exim +5
Name of the Vulnerable Software and Affected Versions: libspf2 versions prior to 1.2.11 Description: The issue is related to a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with ...
Malwarebytes: No SPF/DMARC records on mb-cosmos.com
The domain mb-cosmos.com lacked SPF and DMARC records, allowing email spoofing. Emails appeared to originate from the domain without authentication. This vulnerability was reported as a security issue...