CVE-2025-52750

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juergen Schulze Emu2 emu2-email-users-2 allows Reflected XSS.This issue affects Emu2: from n/a through = 0.83b...

EUVD-2025-35485

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juergen Schulze Emu2 emu2-email-users-2 allows Reflected XSS.This issue affects Emu2: from n/a through = 0.83b...

CVE-2025-52750

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juergen Schulze Emu2 emu2-email-users-2 allows Reflected XSS.This issue affects Emu2: from n/a through = 0.83b...

CVE-2025-52750

CVE-2025-52750 affects the WordPress Emu2 plugin (emu2-email-users-2) up to version 0.83b. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. Affected component is the emu2-email-users-2 feature within Emu2; exp...

CVE-2025-52750 WordPress Emu2 plugin <= 0.83b - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juergen Schulze Emu2 emu2-email-users-2 allows Reflected XSS.This issue affects Emu2: from n/a through = 0.83b...

PT-2025-43237

Name of the Vulnerable Software and Affected Versions Emu2 versions prior to 0.83b Description A Reflected Cross-site Scripting XSS issue exists in the emu2-email-users-2 component of Emu2. This occurs due to improper neutralization of input during web page generation. The issue allows for the...

EUVD-2020-8123

Malware in sbrugna...

EUVD-2022-24894

Malicious code in bioql PyPI...

CVE-2022-1605

The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users...

CVE-2021-24959

The WP Email Users WordPress plugin through 1.7.6 does not escape the dataraw parameter in the weuselectedusers1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks...

CVE-2020-16157

A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods - Email Users menu...

Exploit for SQL Injection in Techspawn Wp-Email-Users

CVE-2021-24959 Description --- The WP Email Users WordPress...

CVE-2023-6506 WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

WordPress Email Users plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2022-1605

The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users...

CVE-2022-1605

The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users...

CVE-2022-1605

CVE-2022-1605 affects the WordPress Email Users plugin up to version 4.8.8. The vulnerability is a CSRF flaw in the settings update, potentially allowing a logged-in administrator to change notification settings via CSRF. Affected component: Email Users plugin’s settings update mechanism (no CSRF...

WordPress plugin Email Users 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

WordPress Email Users plugin <= 4.8.8 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery CSRF vulnerability was discovered by Daniel Ruf in the WordPress Email Users plugin versions = 4.8.8. Solution Deactivate and delete. This plugin has been closed as of May 6, 2022 and is not available for download. This closure is temporary...

Email Users <= 4.8.8 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users PoC...