49803 matches found
EUVD-2026-42851
The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...
CVE-2026-15026 Import and export users and customers <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via email_template_selected AJAX Action
The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...
CVE-2026-15026
The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...
CVE-2026-12685
The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...
CVE-2026-12685 EscortWP <= 3.6.2 - Content Deletion via Vendor-Authored Backdoor
The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...
CVE-2026-12685
The CVE describes a backdoor in the EscortWP escortwp WordPress theme up to version 3.6.2. The backdoor is vendor-authored and obfuscated, allowing an unauthenticated attacker who supplies a hard-coded per-build key to permanently delete all site content. It also covertly transmits the site URL, ...
EUVD-2026-42830
The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...
CVE-2026-12685
The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...
CVE-2026-21053
Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...
CVE-2026-21053
CVE-2026-21053 describes an inability to properly validate input in Samsung Email before 6.2.13.1, allowing local attackers to create arbitrary files inside the app sandbox. Affected product/version: Samsung Email prior to 6.2.13.1. Root cause: improper input validation in the application. Impact...
CVE-2026-21053
Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...
EUVD-2026-42823
Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...
CVE-2026-21053
Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...
EUVD-2026-42804
The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo formely Sendinblue plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.1.77 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-15291
The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...
EUVD-2026-42759
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...
EUVD-2026-42758
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpressongithublogin function, which blindly trusts the first element profile0'email' of the array returned by...
EUVD-2026-42760
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...
CVE-2026-12598
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...
CVE-2026-12597
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpressongithublogin function, which blindly trusts the first element profile0'email' of the array returned by...