CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

CVE•added 2026/05/11 8:37 p.m.•3 views

CVE-2026-43880

CVE-2026-43880 involves WWBN AVideo’s endpoint objects/sendEmail.json.php, where unauthenticated calls can send emails using the site’s SMTP and the site’s From/Reply-To identity. When contactForm is omitted, an attacker-supplied email becomes the recipient, while the message From/Reply-To uses t...

5.3CVSS5.9AI score0.00071EPSS

Exploits0References2

RedhatCVE•added 2026/01/18 2:26 a.m.•4 views

CVE-2025-12718

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

5.8CVSS5.9AI score0.00221EPSS

Exploits0References1

ATTACKERKB•added 2026/01/17 2:22 a.m.•1 views

CVE-2025-12718

5.8CVSS5.5AI score0.00221EPSS

Exploits0References3

RedhatCVE•added 2025/02/04 10:21 p.m.•3 views

CVE-2024-53860

sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to...

8.6CVSS6.8AI score0.00076EPSS

Exploits0References1

OSV•added 2024/11/27 9:31 p.m.•4 views

CVE-2024-53860 Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler

8.6CVSS6.7AI score0.00076EPSS

Exploits0References4

OSV•added 2024/07/27 8:15 a.m.•0 views

CVE-2024-5969

The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomaticsendemail' function which are reachable via AJAX...

5.3CVSS5.9AI score

Exploits0References2