77 matches found
EUVD-2022-2788
Malicious code in bioql PyPI...
EUVD-2025-5965
Malicious code in bioql PyPI...
EUVD-2022-2778
Malicious code in bioql PyPI...
EUVD-2022-0457
Malicious code in bioql PyPI...
EUVD-2022-3449
Malicious code in bioql PyPI...
EUVD-2022-0518
Malicious code in bioql PyPI...
CVE-2025-1319
The Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
WordPress plugin Site Mailer – SMTP Replacement, Email API Deliverability & Email Log cross-site scripting vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Site Mailer - SMTP Replacement, Email API Deliverabili...
PT-2025-9088 · WordPress · The Site Mailer – Smtp Replacement
Name of the Vulnerable Software and Affected Versions: The Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress versions prior to 1.2.3. Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping...
WordPress WP Easy Post Mailer Plugin <= 0.64 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Easy Post Mailer (versions <= 0.64)...
POST SMTP Mailer Plugin for WordPress < 2.8.8 Authorization Bypass
The WordPress POST SMTP Mailer Plugin installed on the remote host is affected by an authorization bypass vulnerability via type connect-app API. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
CVE-2023-6875 POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7...
SUSE CVE-2018-8718
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request...
GHSA-6FR3-286Q-Q3CR Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
Jenkins Mailer Plugin prior to 1.32.1, 1.31.1, and 1.29.1 does not perform hostname validation when connecting to the configured SMTP server. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections. Mailer Plugin 1.32.1, 1.31.1, and 1.29.1 validates...
Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
Jenkins Mailer Plugin prior to 1.32.1, 1.31.1, and 1.29.1 does not perform hostname validation when connecting to the configured SMTP server. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections. Mailer Plugin 1.32.1, 1.31.1, and 1.29.1 validates...
br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), cf.pgmann.plugins:url-auth-sso (=1.0) +125 more potentially affected by CVE-2018-8718 via org.jenkins-ci.plugins:mailer (>=1.10 <=1.20)
org.jenkins-ci.plugins:mailer MAVEN version =1.10, =1.9.2-beta, =1.14.0, =4.1.1, =2.30.2, =1.0.22, =1.3.0, =0.11.0, =1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2018-8718 Source advisory: OSV:GHSA-6G57-H38C-Q52G...
Cross-Site Request Forgery in Jenkins Mailer Plugin
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request...
GHSA-6G57-H38C-Q52G Cross-Site Request Forgery in Jenkins Mailer Plugin
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request...
GHSA-WQV4-9GR3-3QGH Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/username/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. The remote...