CVE-2026-0829 Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending
The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress site as an open relay for spam or phishing emails to anyone. Attackers can also guess file IDs to access a...
PT-2026-8399
Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin versions through 23.5 Description: The Frontend File Manager plugin allows unauthenticated users to send emails through the WordPress site without security checks. This enables attackers to utilize the site as an op...
Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign
Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud's Application Integration service to distribute emails. The activity, Check Point said, takes advantage of the trust...
CVE-2024-43208
Missing Authorization vulnerability in Matt Miller Send Emails with Mandrill send-emails-with-mandrill allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Send Emails with Mandrill: from n/a through <= 1.4.1...
CVE-2024-43208
CVE-2024-43208 describes a Missing Authorization vulnerability in the WordPress plugin Send Emails with Mandrill (Miller Media). Affected versions are 1.4.1 and earlier, with exploitability stemming from misconfigured access control. Public sources in the Connected documents explicitly identify t...
PT-2024-30370 · Unknown · Send Emails With Mandrill
Name of the Vulnerable Software and Affected Versions: Send Emails with Mandrill versions 1.4.1 and earlier Description: The issue affects the Send Emails with Mandrill plugin due to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security...
WordPress Send Emails with Mandrill Plugin <= 1.4.1 is vulnerable to Broken Access Control
Software: Send Emails with Mandrill; Type: Plugin; Vulnerable versions: <= 1.4.1; Fixed in: 1.4.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43208; Patch priority: Low; CVSS severity: Low (4.3); PSID: b4a893afe4e6; Credits: Abdi Pranata; Requir...
CVE-2024-42008
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header...
XSS Stored in the email address
Description Hello, I have located an xss stored by performing the following step: 1 - Go to tools 2 - GDPR Data Extractor 3 - Insert the payload into the email address 4 - click in send emails Proof of Concept...
Improper access control
An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal...
Information Disclosure
derhansen/sf_event_mgt is vulnerable to information disclosure. Missing access checks in the backend module allow an authenticated user to export restricted participant data for events or send emails to event participants for events which the user does not have access to...
GHSA-G8RG-7RPR-CWR2 Information Disclosure in TYPO3 extension sf_event_mgt
A missing access check in the backend module allows an authenticated backend user to export participant data for events which the user does not have access to, resulting in Information Disclosure. Another missing access check in the backend module allows an authenticated backend user to send emai...
IBM Cloud Orchestrator Security Bypass Vulnerability
IBM Cloud Orchestrator is a suite of cloud management solutions from IBM in the United States. The program provides extended internal and external deployment of cloud services and application program interfaces and tools to extend the integration with existing environments and other functions. A...
CVE-2018-6563
Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0Build371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti-CSRF...
Ez Cart 1.0 - Multiple Cross-Site Request Forgery Vulnerabilities
Title: Ez Cart Multiple XSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...
Ez Cart v1.0 Multiple XSRF Vulnerabilities
No description provided by source. Title: Ez Cart Multiple XSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...
Ez Cart Cross Site Request Forgery
Title: Ez Cart Multiple XSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...