
181 matches found

WPVulnDB
added 2023/07/17 12:0 a.m., 15 views

Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending

Description: The plugin allows unauthenticated users to send arbitrary e-mails to arbitrary addresses via the qubelysendformdata AJAX action. PoC: Execute the below command in the web developer console, on the blog homepage as an unauthenticated user, replacing domain by the domain of the blog:...

CVSS 7.5, AI score 7.7, EPSS 0.01535
Exploits: 2, Affected Software: 1
OpenVAS
added 2023/03/08 12:0 a.m., 17 views

Debian: Security Advisory (DLA-537-1)

The remote host is missing an update for the Debian...

CVSS 6.1, AI score 6.6, EPSS 0.02648
Exploits: 0, References: 3
NVD
added 2022/11/28 8:15 p.m., 17 views

CVE-2022-34654

Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress...

CVSS 8.8, EPSS 0.00291
Exploits: 0, References: 1
Prion
added 2022/11/28 8:15 p.m., 13 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress...

CVSS 6.8, AI score 8.8, EPSS 0.00291
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2022/11/28 7:30 p.m., 72 views

CVE-2022-34654

Summary: CVE-2022-34654 corresponds to a Cross-Site Request Forgery (CSRF) in the WordPress plugin Manage Notification E-mails by Virgial Berveling, affecting versions up to 1.8.2. What’s affected: WordPress site running the Manage Notification E-mails plugin (≤ 1.8.2). The issue arises from CSR...

CVSS 8.8, AI score 6.5, EPSS 0.00291
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2022/11/28 12:0 a.m., 4 views

PT-2022-22272 · WordPress · Manage Notification E-Mails

Name of the Vulnerable Software and Affected Versions: Manage Notification E-mails plugin versions 1.8.2 and earlier. Description: The issue is related to Cross-Site Request Forgery (CSRF) in the Manage Notification E-mails plugin on WordPress. This means an attacker could potentially trick a user...

CVSS 8.8, AI score 8.4, EPSS 0.00291
Exploits: 0, References: 4
Patchstack
added 2022/09/27 12:0 a.m., 26 views

WordPress Manage Notification E-mails plugin <= 1.8.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Reset discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Manage Notification E-mails plugin versions <= 1.8.2. Solution: Update the WordPress Manage Notification E-mails plugin to the latest available version at lea...

AI score 4.4, EPSS 0.00291
Exploits: 0, Affected Software: 1
CNVD
added 2022/06/15 12:0 a.m., 16 views

WordPress plugin Collaboration E-mails cross-site request forgery vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Collaboration E-mails 2.2.0 and earlier versions are vulnerable to cross-site request forgery, which stems from a lack of...

CVSS 6.5, AI score 2.3, EPSS 0.00502
Exploits: 2, References: 1
NVD
added 2022/06/13 1:15 p.m., 23 views

CVE-2022-0745

The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body...

CVSS 6.5, EPSS 0.0077
Exploits: 2, References: 1
CVE
added 2022/06/13 12:42 p.m., 77 views

CVE-2022-1761

CVE-2022-1761 concerns the Peter’s Collaboration E-mails WordPress plugin (

CVSS 6.5, AI score 6.4, EPSS 0.00502
Exploits: 2, References: 1, Affected Software: 1
CNNVD
added 2022/06/13 12:0 a.m., 3 views

WordPress plugin Collaboration E-mails cross-site request forgery vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Collaboration E-mails 2.2.0 and earlier versions are vulnerable to cross-site request forgery, which stems from a lack of...

CVSS 6.5, AI score 5.5, EPSS 0.00502
Exploits: 2, References: 2
Patchstack
added 2022/05/23 12:0 a.m., 19 views

WordPress Peter’s Collaboration E-mails plugin <= 2.2.0 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Peter’s Collaboration E-mails plugin versions <= 2.2.0. Solution: Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure i...

CVSS 6.5, AI score 3.3, EPSS 0.00502
Exploits: 2, References: 3, Affected Software: 1
Github Security Blog
added 2022/05/13 1:11 a.m., 22 views

Dolibarr SQL Injection vulnerability

SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categorieslist.php, /accountancy/admin/journalslist.php, /admin/dict.php,...

CVSS 9.8, AI score 9.2, EPSS 0.03959
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2022/03/21 6:15 p.m., 17 views

CVE-2022-24236

An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts...

CVSS 3.5, EPSS 0.0055
Exploits: 1, References: 2
Prion
added 2022/03/21 6:15 p.m., 13 views

Design/Logic Flaw

An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts...

CVSS 3.5, AI score 4.2, EPSS 0.0055
Exploits: 1, References: 2, Affected Software: 1
Securelist
added 2022/02/09 10:0 a.m., 2570 views

Spam and phishing in 2021

Figures of the year. In 2021: 45.56% of e-mails were spam; 24.77% of spam was sent from Russia, with another 14.12% from Germany; our Mail Anti-Virus blocked 148 173 261 malicious attachments sent in e-mails; the most common malware family found in attachments were Agensla Trojans; our Anti-Phishing...

CVSS 9.3, EPSS 0.99945
Exploits: 36
0day.today
added 2021/11/22 12:0 a.m., 494 views

OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure Vulnerability

OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. Product: OX App Suite. Vendor: OX Software GmbH. Internal reference: OXUIB-872. Vulnerability type: Cross-Site Scripting (CWE-80). Vulnerable version: 7.10.5 and earlier. Vulnerable...

CVSS 6.1, AI score 5.1, EPSS 0.01444
Exploits: 7
OSV
added 2021/11/19 4:15 p.m., 4 views

CVE-2021-42363

The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the /views/form.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.6.8...

CVSS 6.1, AI score 6.4, EPSS 0.01131
Exploits: 3, References: 3
CVE
added 2021/11/19 3:35 p.m., 52 views

CVE-2021-42363

Summary: CVE-2021-42363 affects the WordPress plugin “Preview E-Mails for WooCommerce.” The vulnerability is a reflected cross-site scripting (XSS) in the search_order/search_orders path in ~/views/form.php, exploitable when a malicious payload is supplied via the search_order parameter. Affected...

CVSS 6.1, AI score 6, EPSS 0.01131
Exploits: 3, References: 3, Affected Software: 1
Malwarebytes
added 2021/11/15 4:50 p.m., 20 views

FBI server hijacked to send up to 100,000 bogus attack mails

If you received a scary missive from what appears to be the FBI over the last few days, you're not alone. The emails, which may have reached as many as 100,000 people, blamed a fictitious cyberattack on an innocent party. The mail read as follows: Our intelligence monitoring indicates...

AI score 6.9
Exploits: 0