CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/20 6:0 a.m.•26 views

CVE-2024-7083 Email Encoder < 2.3.4 - Admin+ Stored XSS

0.00031EPSS

CVE•added 2026/04/20 6:0 a.m.•7 views

CVE-2024-7083

The CVE-2024-7083 issue affects the WordPress Email Encoder (Email Encoder Bundle) plugin, prior to version 2.3.4. Root cause: insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in mul...

3.5CVSS5.7AI score0.00031EPSS

Vulnrichment•added 2026/04/20 6:0 a.m.•1 views

CVE-2024-7083 Email Encoder < 2.3.4 - Admin+ Stored XSS

5.7AI score0.00031EPSS

CNNVD•added 2026/04/20 12:0 a.m.•4 views

WordPress plugin Email Encoder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

3.5CVSS5.9AI score0.00031EPSS

Positive Technologies•added 2026/04/20 12:0 a.m.•0 views

PT-2026-33717

The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed for example in multisite setup...

5.7AI score0.00031EPSS

Exploits0References2

CNNVD•added 2026/04/18 12:0 a.m.•6 views

SAIL 安全漏洞

SAIL is an open-source image decoding library developed by SAIL. SAIL has a security vulnerability, which stems from the RLE decoder in the TGA encoder/decoder’s asymmetric boundary checks. This vulnerability may lead to a stack buffer overflow...

9.8CVSS6AI score0.00061EPSS

Exploits0References2

CNNVD•added 2026/04/18 12:0 a.m.•6 views

SAIL 安全漏洞

SAIL is an open-source image decoding library developed by SAIL. SAIL has a security vulnerability, which stems from inconsistencies in byte-per-pixel calculations and pixel buffer allocations within the PSD encoder. This can lead to heap buffer overflows...

9.8CVSS5.9AI score0.00061EPSS

Exploits0References2

OSV•added 2026/04/17 12:59 p.m.•1 views

OESA-2026-1916 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

7.5CVSS7AI score0.0002EPSS

Exploits0References12

OSV•added 2026/04/16 11:38 p.m.•6 views

BIT-DOTNET-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

7.5CVSS5.8AI score0.06602EPSS

Exploits1References4

EUVD•added 2026/04/16 3:31 p.m.•1 views

EUVD-2026-23229

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eebmailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...

NVD•added 2026/04/16 3:17 p.m.•0 views

Exploits0References4

CVE-2026-2840

6.4CVSS0.00037EPSS

ATTACKERKB•added 2026/04/16 2:10 p.m.•0 views

CVE-2026-2840

Vulnrichment•added 2026/04/16 2:10 p.m.•2 views

Exploits0References4

CVE-2026-2840 Email Encoder – Protect Email Addresses and Phone Numbers <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode

Cvelist•added 2026/04/16 2:10 p.m.•28 views

CVE-2026-2840 Email Encoder – Protect Email Addresses and Phone Numbers <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode

6.4CVSS0.00037EPSS

CVE•added 2026/04/16 2:10 p.m.•8 views

CVE-2026-2840

The CVE-2026-2840 entry concerns the WordPress plugin “Email Encoder – Protect Email Addresses and Phone Numbers”. Affected: plugin versions up to 2.4.4. Root cause: insufficient input sanitization and output escaping on the eeb_mailto shortcode, enabling Stored Cross-Site Scripting. Impact: auth...

Patchstack•added 2026/04/16 3:20 a.m.•2 views

WordPress Email Encoder - Protect Email Addresses and Phone Numbers plugin <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode vulnerability

WordPress Email Encoder - Protect Email Addresses and Phone Numbers plugin = 2.4.4 - Authenticated Contributor+ Stored Cross-Site Scripting via eebmailto Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Email Encoder Bundle versions = 2.4.4...

6.4CVSS5.8AI score0.00037EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/04/16 12:0 a.m.•6 views

WordPress plugin Email Encoder – Protect Email Addresses and Phone Numbers 安全漏洞

6.4CVSS5.8AI score0.00037EPSS

Positive Technologies•added 2026/04/16 12:0 a.m.•2 views

PT-2026-33322

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb mailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...