39 matches found
EUVD-2026-39187
The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks...
CVE-2026-5305
The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks...
CVE-2026-5305
The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks...
CVE-2026-5305 Email Address Encoder (Free < 1.0.25, Premium < 0.3.12) - Unauthenticated Stored XSS
The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks...
CVE-2026-5305
The CVE-2026-5305 issue affects the WordPress plugins Email Address Encoder (free) prior to 1.0.25 and Email Encoder Premium prior to 0.3.12. The root cause is improper handling of email replacement, which can allow unauthenticated attackers to perform Stored XSS. Impact per sources is high (CVE-...
WordPress Email Address Encoder plugin < 1.0.25 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Email Address Encoder versions 1.0.25...
EUVD-2025-198699
Malicious code in @ensdomains/address-encoder npm...
Malicious code in @ensdomains/address-encoder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec8264ecb2af0b5028f08af1a108f7fe73cd1cbe55ea2cb7102a3e28b2e1052e The package @ensdomains/address-encoder was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190665 Malicious code in @ensdomains/address-encoder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec8264ecb2af0b5028f08af1a108f7fe73cd1cbe55ea2cb7102a3e28b2e1052e The package @ensdomains/address-encoder was found to contain malicious code. Source: ghsa-malware...
EUVD-2019-6750
Malware in sbrugna...
EUVD-2024-40414
Malicious code in bioql PyPI...
EUVD-2023-52798
Malicious code in bioql PyPI...
CVE-2024-43927
Cross-Site Request Forgery CSRF vulnerability in Till Krüss Email Address Encoder email-address-encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through = 1.0.23...
CVE-2023-48765
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Till Krüss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through 1.0.22...
CVE-2019-15833
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS...
CVE-2024-43927
Cross-Site Request Forgery CSRF vulnerability in Till Krüss Email Address Encoder email-address-encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through = 1.0.23...
CVE-2024-43927 WordPress Email Address Encoder plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Till Krüss Email Address Encoder email-address-encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through = 1.0.23...
CVE-2024-43927
CVE-2024-43927 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Till Krüss Email Address Encoder WordPress plugin, affecting Email Address Encoder versions from n/a up to 1.0.23. The issue enables CSRF, with no public exploit details provided in the sources. Remediation guidance...
CVE-2024-43927 WordPress Email Address Encoder plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Till Krüss Email Address Encoder email-address-encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through = 1.0.23...
PT-2025-2671 · Unknown · Till Krüss Email Address Encoder
Name of the Vulnerable Software and Affected Versions: Till Krüss Email Address Encoder versions 1.0.23 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by...