49845 matches found
CVE-2026-57416
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SiteGround SiteGround Email Marketing siteground-email-marketing allows Stored XSS.This issue affects SiteGround Email Marketing: from n/a through = 1.7.5...
EUVD-2026-43292
The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level self-registerable account to read other employers' private account email addresses by enumerating job...
CVE-2026-57416 WordPress SiteGround Email Marketing plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SiteGround SiteGround Email Marketing siteground-email-marketing allows Stored XSS.This issue affects SiteGround Email Marketing: from n/a through = 1.7.5...
CVE-2026-57416
The CVE-2026-57416 entry concerns the WordPress SiteGround Email Marketing plugin (versions
CVE-2026-12397
The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level self-registerable account to read other employers' private account email addresses by enumerating job...
Integrate Google Drive <= 1.5.3 - Information Disclosure
File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
Privilege escalation vulnerability exists in the Frontend Login and Registration Blocks plugin for WordPress versions = 1.0.7. An unauthenticated attacker can exploit the AJAX endpoint flrblocksusersettingshandleajaxcallback to change the administrator's email address. Subsequently, the attacker...
Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending
Frontend File Manager Plugin WordPress plugin through 23.5 contains an open relay and unauthorized file access vulnerability caused by lack of authentication and security checks, letting unauthenticated attackers send emails and access files, exploit requires no authentication. id: CVE-2026-0829...
Mail Mint < 1.19.5 - Unauthenticated Email Disclosure
Mail Mint WordPress plugin 1.19.5 contains an information disclosure vulnerability caused by lack of authorization in a REST API endpoint, letting unauthenticated users retrieve email addresses of blog users, exploit requires no authentication. id: CVE-2026-2025 info: name: Mail Mint 1.19.5 -...
Sensei LMS < 4.24.2 - Email Template Leak
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. id: CVE-2024-7786 info: name: Sensei LMS 4.24.2 - Email Template Leak author: s4e-io severity: high description: | The Sensei LMS WordPress...
WordPress Email Newsletter - Reflected XSS
WordPress Email Newsletter plugin through 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to cra...
WordPress Core - Post Author Email Disclosure
WordPress Core is vulnerable to Sensitive Information Exposure in versions between 4.7.0 and 6.3.1 via the User REST endpoint. While the search results do not display user email addresses unless the requesting user has the 'listusers' capability, the search is applied to the useremail column. id:...
Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash
Email Subscribers by Icegram Express = 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter. id: CVE-2024-4295 info: name: Email Subscribers by Icegram Express = 5.7.20 - Unauthenticated SQL Injection via Hash author: iamnoooob,rootxharsh,pdresearch severity:...
b2evolution CMS <6.11.6 - Open Redirect
b2evolution CMS before 6.11.6 contains an open redirect vulnerability via the redirectto parameter in emailpassthrough.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-22840 info:...
Eyou E-Mail <3.6 - Remote Code Execution
Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/iploginset/diploginget.php via the getloginipconfigfile function. id: CVE-2014-1203 info: name: Eyou E-Mail 3.6 - Remote Code Execution author: pikpik...
Group-Office < 26.0.5 - Remote Code Execution
Group-Office before versions 6.8.150, 25.0.82, and 26.0.5 is vulnerable to remote code execution via OS command injection. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmpfile into an exec call. By injecting shell metacharacters into...
SureForms <= 1.13.1 - Sensitive Information Exposure
SureForms WordPress plugin = 1.13.1 contains a sensitive information exposure caused by setting 'authcallback' to 'returntrue' in 'srfmemailnotification' post meta registration, letting unauthenticated attackers access sensitive email notification data, exploit requires no authentication. id:...
WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure
WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...
JS Help Desk <= 2.8.1 - SQL Injection
The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...
XWiki < 4.10.15 - Email Disclosure
The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's regular search interface. id: CVE-2023-50720 info: name: XWiki 4.10.15 - Email Disclosure author:...