104 matches found
CVE-2025-14165
The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. This is due to missing nonce validation on the plugin's settings page. This makes it possible for unauthenticated attackers to modify the plugin's...
CVE-2025-14165 Kirim.Email WooCommerce Integration <= 1.2.9 - Cross-Site Request Forgery to Settings Update
The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. This is due to missing nonce validation on the plugin's settings page. This makes it possible for unauthenticated attackers to modify the plugin's...
EUVD-2021-11468
Malware in sbrugna...
EUVD-2023-34182
Malicious code in bioql PyPI...
EUVD-2023-49330
Malicious code in bioql PyPI...
EUVD-2023-12240
Malicious code in bioql PyPI...
EUVD-2022-50360
Malicious code in bioql PyPI...
EUVD-2023-28046
Malicious code in bioql PyPI...
EUVD-2024-48339
Malicious code in bioql PyPI...
WordPress Post By Email plugin <= 1.0.4b - Unauthenticated Arbitrary File Upload via Email Attachments vulnerability
Unauthenticated Arbitrary File Upload via Email Attachments vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Post By Email versions = 1.0.4b...
CVE-2024-7413
The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1. This is due to the plugin allowing direct access to the bootstrap.php file which has displayerrors on. This makes it possible for unauthenticated attackers to retrieve the...
CVE-2024-8664
The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2023-23982
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPGear.Pro WPFrom Email plugin = 1.8.8 versions...
CVE-2023-3721
The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2021-24774
The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues...
CVE-2015-10078
A vulnerability, which was classified as problematic, has been found in atwellpub Resend Welcome Email Plugin 1.0.1 on WordPress. This issue affects the function sendwelcomeemailurl of the file resend-welcome-email.php. The manipulation leads to cross site scripting. The attack may be initiated...
CVE-2018-21007
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads...
WordPress Send E-mail plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Send E-mail versions = 1.3...
WordPress plugin Contact Form & SMTP Plugin for WordPress by PirateForms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...
CVE-2025-2325
The WP Test Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...