33 matches found
WordPress Booking Plugin for WordPress Appointments – Time Slot plugin <= 1.4.7 - Unauthenticated Arbitrary Email Sending vulnerability
Unauthenticated Arbitrary Email Sending vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Time Slot versions = 1.4.7...
CVE-2025-12469
CVE-2025-12469 affects FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce. A Missing Authorization flaw in the bwfan_test_email AJAX handler, with the nonce exposed via frontend localization, allows authenticated attackers with Subscriber+ rights to send arbitr...
EUVD-2018-7538
Malware in sbrugna...
EUVD-2018-7539
Malware in sbrugna...
EUVD-2024-48513
Malicious code in bioql PyPI...
EUVD-2024-44380
Malicious code in bioql PyPI...
CVE-2024-7622
The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the aajaxQuickEmailTestCallback function in all versions up to, and including, 2.8.19. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-5969
The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomaticsendemail' function which are reachable via AJAX...
WordPress WP Job Portal plugin <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending vulnerability
Missing Authorization to Unauthenticated Arbitrary Email Sending vulnerability discovered by thevietronin in WordPress Plugin WP Job Portal versions = 2.2.6...
CVE-2024-7622 Revision Manager TMC <= 2.8.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the aajaxQuickEmailTestCallback function in all versions up to, and including, 2.8.19. This makes it possible for authenticated attackers, with subscriber-level...
WordPress Revision Manager TMC plugin <= 2.8.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Email Sending vulnerability discovered by Lucio Sá in WordPress Plugin Revision Manager TMC versions = 2.8.19...
CVE-2024-5969
The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomaticsendemail' function which are reachable via AJAX...
CVE-2024-5969 AIomatic - Automatic AI Content Writer <= 2.0.5 - Unauthenticated Arbitrary Email Sending
The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomaticsendemail' function which are reachable via AJAX...
CVE-2024-5969
The CVE-2024-5969 entry concerns the WordPress plugin AIomatic - Automatic AI Content Writer, affected versions up to and including 2.0.5. Multiple connected sources describe an unauthenticated arbitrary email-sending vulnerability in the aiomatic_send_email function, reachable via AJAX, allowing...
CVE-2024-4787 Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending
The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'sendpdf' and the 'sendpdffront' functions which are reachable via...
CVE-2024-4787 Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending
The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'sendpdf' and the 'sendpdffront' functions which are reachable via...
CVE-2024-4787
The CVE refers to Cost Calculator Builder PRO for WordPress. It is vulnerable in versions up to 3.1.75 to an unauthenticated arbitrary email sending issue. The bug arises from insufficient limitations on both the recipient and the email content in the AJAX-accessible functions send_pdf and send_p...
CVE-2024-31242 WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary Email Sending vulnerability
Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17...
CVE-2023-6042 Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin
Any unauthenticated user may send e-mail from the site with any title or content to the admin...
Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin
Description Any unauthenticated user may send e-mail from the site with any title or content to the admin PoC fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php?action=getwidsendmail", "headers": "content-type": "application/x-www-form-urlencoded", , "body": "datasubject=Urgent WordPress update...