2 matches found
CVE-2024-12554
The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the casregisterpost function. This makes it possible for unauthenticated attackers to blacklist emails via a forged...
CVE-2024-53860 Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler
sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to...