CVE-2026-6675
The CVE entry maps to a concrete vulnerability in the WordPress Responsive Blocks plugin (versions ≤ 2.2.0). It describes an unauthenticated open email relay via the REST API 'email_to' parameter, enabling abuse of email delivery functions without login. The source does not provide exploit steps ...
CVE-2026-34071
CVE-2026-34071 affects Stirling-PDF. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with downloadHtml=true returns unsanitized HTML from the email body (Content-Type: text/html). An attacker sending a malicious email to a Stirling-PDF user can achieve JavaScript execution when the user ex...
PT-2026-28532
Name of the Vulnerable Software and Affected Versions: AVideo versions up to and including 26.0. Description: The Scheduler plugin in AVideo lacks authentication checks on three list.json.php endpoints: plugin/Scheduler/View/Scheduler commands/list.json.php, plugin/Scheduler/View/Emails...
CVE-2026-4021 Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...
CVE-2025-23786
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Email to Download (email-to-download) allows Reflected XSS. This issue affects Email to Download: from n/a through 3.1.0...
EUVD-2025-3418
Malicious code in bioql PyPI...
The vulnerability in GitLab, the Git-based software platform for collaborative code development, stems from deficiencies in the authentication process, which allow unauthorized users to gain access to protected information.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information by...
CVE-2022-1046
The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2025-23786
CVE-2025-23786 is a reflected XSS vulnerability in the WordPress plugin Email to Download (vulnerable up to 3.1.0). The issue is caused by improper neutralization of user input during web page generation, enabling an attacker to inject executable script via input that is reflected in the page. Pu...
CVE-2022-47600
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Mass Email To users plugin, versions <= 1.1.4...
WordPress Email to Download Plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Email to Download, versions <= 3.1.0...
Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign
A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure. "Those phishing campaigns cleverly evade conventional detection methods...
CVE-2022-47600 WordPress Mass Email To users Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
CVE-2022-47600
CVE-2022-47600: Unauthenticated reflected XSS in the WordPress plugin Mass Email To users (I Thirteen Web Solution) version
WordPress Visual Form Builder plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Visual Form Builder plugin prior...
CVE-2022-1046
The CVE-2022-1046 entry concerns the WordPress Visual Form Builder plugin prior to 3.0.7. The vulnerability arises because the plugin does not sanitize and escape the form field labeled 'Email to', enabling stored Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_html is dis...
The Offensive Web Application Penetration Testing Framework: TIDoS
TIDoS Framework is a comprehensive web-app audit framework. TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules. But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up APIKEYS.py...
TIDoS Framework - The Offensive Web Application Penetration Testing Framework
TIDoS Framework is a comprehensive web-app audit framework. Let's keep this simple. Highlights: The main highlights of this framework are: TIDoS Framework now boasts more than a hundred modules. A complete, versatile framework covering everything from reconnaissance to vulnerability analysis. Has ...