Lucene search
K

104 matches found

NVD
NVD
added 2025/12/12 4:15 a.m.20 views

CVE-2025-14165

The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. This is due to missing nonce validation on the plugin's settings page. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS0.00133EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.4 views

CVE-2025-14165 Kirim.Email WooCommerce Integration <= 1.2.9 - Cross-Site Request Forgery to Settings Update

The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. This is due to missing nonce validation on the plugin's settings page. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS5AI score0.00133EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-11468

Malware in sbrugna...

6.1CVSS6.3AI score0.01344EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-34182

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00505EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-49330

Malicious code in bioql PyPI...

5.9CVSS6.2AI score0.00316EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-12240

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00649EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-50360

Malicious code in bioql PyPI...

7.1CVSS7AI score0.00382EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-28046

Malicious code in bioql PyPI...

5.9CVSS5.3AI score0.00392EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-48339

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00482EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/09/30 12:32 a.m.5 views

WordPress Post By Email plugin <= 1.0.4b - Unauthenticated Arbitrary File Upload via Email Attachments vulnerability

Unauthenticated Arbitrary File Upload via Email Attachments vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Post By Email versions = 1.0.4b...

9.8CVSS6.8AI score0.00678EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:52 a.m.4 views

CVE-2024-7413

The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1. This is due to the plugin allowing direct access to the bootstrap.php file which has displayerrors on. This makes it possible for unauthenticated attackers to retrieve the...

5.3CVSS6.5AI score0.00482EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:23 a.m.12 views

CVE-2024-8664

The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS6.4AI score0.00359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:12 a.m.8 views

CVE-2023-23982

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPGear.Pro WPFrom Email plugin = 1.8.8 versions...

5.9CVSS5.6AI score0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:3 a.m.11 views

CVE-2023-3721

The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00402EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.6 views

CVE-2021-24774

The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues...

7.2CVSS7.1AI score0.01275EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:34 a.m.7 views

CVE-2015-10078

A vulnerability, which was classified as problematic, has been found in atwellpub Resend Welcome Email Plugin 1.0.1 on WordPress. This issue affects the function sendwelcomeemailurl of the file resend-welcome-email.php. The manipulation leads to cross site scripting. The attack may be initiated...

6.1CVSS6.3AI score0.00633EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:59 a.m.7 views

CVE-2018-21007

The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads...

9.8CVSS7AI score0.01952EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/31 2:5 p.m.5 views

WordPress Send E-mail plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Send E-mail versions = 1.3...

6.5CVSS6.1AI score0.00237EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/03/25 12:0 a.m.5 views

WordPress plugin Contact Form & SMTP Plugin for WordPress by PirateForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

6.1CVSS6AI score0.00257EPSS
Exploits1References3
NVD
NVD
added 2025/03/15 7:15 a.m.10 views

CVE-2025-2325

The WP Test Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.2CVSS0.00274EPSS
Exploits0References2
Rows per page
Query Builder