CVE-2025-64245

Missing Authorization vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import external attachments: from n/a through = 1.5.12...

EUVD-2025-203605

Missing Authorization vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import external attachments: from n/a through = 1.5.12...

CVE-2025-64245

Missing Authorization vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import external attachments: from n/a through = 1.5.12...

CVE-2025-64245 WordPress Import external attachments plugin <= 1.5.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import external attachments: from n/a through = 1.5.12...

CVE-2025-64245

CVE-2025-64245 is a WordPress vulnerability described as Missing Authorization in the WordPress plugin Import external attachments (import-external-attachments) up to version 1.5.12 . The connected documents corroborate a Broken Access Control / Missing Authorization issue affecting that plugin, ...

CVE-2025-64245 WordPress Import external attachments plugin <= 1.5.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import external attachments: from n/a through = 1.5.12...

PT-2025-51393

Name of the Vulnerable Software and Affected Versions ryanpcmcquen Import external attachments versions through 1.5.12 Description The Import external attachments component contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access...

EUVD-2025-19351

Malicious code in bioql PyPI...

CVE-2025-53268

Cross-Site Request Forgery CSRF vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Cross Site Request Forgery.This issue affects Import external attachments: from n/a through = 1.5.12...

CVE-2025-53268

Cross-Site Request Forgery CSRF vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Cross Site Request Forgery.This issue affects Import external attachments: from n/a through = 1.5.12...

CVE-2025-53268 WordPress Import external attachments plugin <= 1.5.12 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in ryanpcmcquen Import external attachments allows Cross Site Request Forgery. This issue affects Import external attachments: from n/a through 1.5.12...

WordPress plugin Import external attachments 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

PT-2025-27175 · Unknown · Import External Attachments

Name of the Vulnerable Software and Affected Versions: ryanpcmcquen Import external attachments versions 1.5.12 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that affects the Import external attachments feature, allowing unauthorized requests to be made on...

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

thunderbird: Leak of hashed Window credentials via crafted attachment URL

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to...

CVE-2025-3522

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validate...

PT-2025-16352 · Mozilla +10 · Thunderbird +10

Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 137.0.2 Thunderbird versions prior to 128.9.2 Description: The issue arises from Thunderbird's handling of the X-Mozilla-External-Attachment-URL header, which allows for external attachments. When an email is...

Mozilla: Filename spoofing for external attachments

It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

Mozilla: Filename spoofing for external attachments

It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...