95 matches found
CVE-2026-2471
The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...
CVE-2026-2471 WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field
The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...
CVE-2026-2471
The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...
CVE-2026-2471
The WP Mail Logging plugin for WordPress (up to version 1.15.0) is vulnerable to PHP Object Injection via deserialization of untrusted input in the email log message field. The BaseModel constructor calls maybe_unserialize() on all properties from the database without validation, allowing an unau...
CVE-2026-2471 WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field
The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybeunserialize on all properties retrieved...
CVE-2017-18603
The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postmanemaillog page parameter...
400,000 WordPress Sites Affected by Account Takeover Vulnerability in Post SMTP WordPress Plugin
On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password...
EUVD-2021-11836
Malware in sbrugna...
EUVD-2017-9716
Malware in sbrugna...
EUVD-2021-11670
Malware in sbrugna...
EUVD-2023-56906
Malicious code in bioql PyPI...
EUVD-2022-4491
Malicious code in bioql PyPI...
EUVD-2024-16650
Malicious code in bioql PyPI...
EUVD-2025-21590
Malicious code in bioql PyPI...
EUVD-2024-22952
Malicious code in bioql PyPI...
EUVD-2022-34621
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-13280
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. CVE-2020-13280 Note that...
CVE-2025-6993
The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the getemaillogdetails AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied postid and retrieves the corresponding email log post content including the...
CVE-2025-6993
The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the getemaillogdetails AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied postid and retrieves the corresponding email log post content including the...
CVE-2025-6993
The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the getemaillogdetails AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied postid and retrieves the corresponding email log post content including the...