Lucene search
K

33 matches found

Patchstack
Patchstack
added 2025/11/18 11:28 p.m.6 views

WordPress Booking Plugin for WordPress Appointments – Time Slot plugin <= 1.4.7 - Unauthenticated Arbitrary Email Sending vulnerability

Unauthenticated Arbitrary Email Sending vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Time Slot versions = 1.4.7...

5.3CVSS7AI score0.00253EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/11/05 9:27 a.m.10 views

CVE-2025-12469

CVE-2025-12469 affects FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce. A Missing Authorization flaw in the bwfan_test_email AJAX handler, with the nonce exposed via frontend localization, allows authenticated attackers with Subscriber+ rights to send arbitr...

4.3CVSS5.6AI score0.00235EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-7538

Malware in sbrugna...

7.5CVSS7.6AI score0.0096EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-7539

Malware in sbrugna...

5.3CVSS5.5AI score0.0088EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-48513

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00351EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-44380

Malicious code in bioql PyPI...

5.8CVSS6.6AI score0.00349EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.6 views

CVE-2024-7622

The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the aajaxQuickEmailTestCallback function in all versions up to, and including, 2.8.19. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS6.6AI score0.00351EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:29 a.m.9 views

CVE-2024-5969

The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomaticsendemail' function which are reachable via AJAX...

5.8CVSS7.1AI score0.00349EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/31 11:42 p.m.7 views

WordPress WP Job Portal plugin <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending vulnerability

Missing Authorization to Unauthenticated Arbitrary Email Sending vulnerability discovered by thevietronin in WordPress Plugin WP Job Portal versions = 2.2.6...

5.3CVSS7AI score0.0051EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/09/06 1:55 p.m.29 views

CVE-2024-7622 Revision Manager TMC <= 2.8.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending

The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the aajaxQuickEmailTestCallback function in all versions up to, and including, 2.8.19. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS0.00351EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/09/06 2:53 a.m.5 views

WordPress Revision Manager TMC plugin <= 2.8.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Email Sending vulnerability discovered by Lucio Sá in WordPress Plugin Revision Manager TMC versions = 2.8.19...

4.3CVSS7AI score0.00351EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/07/27 8:15 a.m.41 views

CVE-2024-5969

The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomaticsendemail' function which are reachable via AJAX...

5.8CVSS0.00349EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/27 7:33 a.m.18 views

CVE-2024-5969 AIomatic - Automatic AI Content Writer <= 2.0.5 - Unauthenticated Arbitrary Email Sending

The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomaticsendemail' function which are reachable via AJAX...

5.8CVSS5.7AI score0.00349EPSS
Exploits0References2
CVE
CVE
added 2024/07/27 7:33 a.m.51 views

CVE-2024-5969

The CVE-2024-5969 entry concerns the WordPress plugin AIomatic - Automatic AI Content Writer, affected versions up to and including 2.0.5. Multiple connected sources describe an unauthenticated arbitrary email-sending vulnerability in the aiomatic_send_email function, reachable via AJAX, allowing...

5.8CVSS5.7AI score0.00349EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/06/19 3:12 a.m.27 views

CVE-2024-4787 Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending

The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'sendpdf' and the 'sendpdffront' functions which are reachable via...

5.8CVSS0.00349EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/19 3:12 a.m.15 views

CVE-2024-4787 Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending

The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'sendpdf' and the 'sendpdffront' functions which are reachable via...

5.8CVSS7AI score0.00349EPSS
Exploits0References2
CVE
CVE
added 2024/06/19 3:12 a.m.58 views

CVE-2024-4787

The CVE refers to Cost Calculator Builder PRO for WordPress. It is vulnerable in versions up to 3.1.75 to an unauthenticated arbitrary email sending issue. The bug arises from insufficient limitations on both the recipient and the email content in the AJAX-accessible functions send_pdf and send_p...

5.8CVSS6.1AI score0.00349EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/10 5:48 p.m.13 views

CVE-2024-31242 WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary Email Sending vulnerability

Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17...

5.3CVSS6.9AI score0.00359EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/08 7:0 p.m.5 views

CVE-2023-6042 Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin

Any unauthenticated user may send e-mail from the site with any title or content to the admin...

7.5AI score0.00563EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/12/16 12:0 a.m.18 views

Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin

Description Any unauthenticated user may send e-mail from the site with any title or content to the admin PoC fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php?action=getwidsendmail", "headers": "content-type": "application/x-www-form-urlencoded", , "body": "datasubject=Urgent WordPress update...

7.5CVSS6.6AI score0.00563EPSS
Exploits2Affected Software1
Rows per page
Query Builder