2674 matches found
Unsound sending of non-Send types across threads
Affected versions can run the Drop impl of a non-Send type on a different thread than it was created on. The flaw occurs when a stderr write performed by the threadalone crate fails, for example because stderr is redirected to a location on a filesystem that is full, or because stderr is a pipe...
CVE-2023-52126
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email. This issue affects Send Users Email: from n/a through 1.4.3...
Code injection
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email. This issue affects Send Users Email: from n/a through 1.4.3...
CVE-2023-52126 WordPress Send Users Email Plugin <= 1.4.3 is vulnerable to Sensitive Data Exposure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email. This issue affects Send Users Email: from n/a through 1.4.3...
CVE-2023-52126
CVE-2023-52126 affects the WordPress plugin Send Users Email (from n/a to 1.4.3). The vulnerability is Exposure of Sensitive Information to an Unauthorized Actor via error logs. Patch status: patched; upgrade to a version newer than 1.4.3 to mitigate.
WordPress Plugin Send Users Email Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An information disclosure vulnerability...
PT-2024-14423 · Unknown · Send Users Email
Name of the Vulnerable Software and Affected Versions: Send Users Email versions 1.4.3 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This affects the Send Users Email functionality. Recommendations: For versions 1.4.3 and earlier,...
Mozilla: S/MIME signature accepted despite mismatching message date
The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despi...
WordPress Send Users Email Plugin <= 1.4.3 is vulnerable to Sensitive Data Exposure
Software: Send Users Email; Type: Plugin; Vulnerable versions: <= 1.4.3; Fixed in: 1.4.4; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2023-52126; Patch priority: Low; CVSS severity: Low 5.3; PSID: 4e5956550bfd; Credits: Mika; Required privilege...
GHSA-335X-5WCM-8JV2 Backoffice User can bypass "Publish" restriction
Impact: Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Explanation of the vulnerability: Backoffice users without permission to publish content, but only to send for approval, can bypass the restriction by modifying the request...
Backoffice User can bypass "Publish" restriction
Impact: Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Explanation of the vulnerability: Backoffice users without permission to publish content, but only to send for approval, can bypass the restriction by modifying the request...
Umbraco Security Breach
Umbraco is an open source content management system (CMS) written in C# from Umbraco, Denmark. Umbraco suffers from a security vulnerability in which a backend user with send approval privileges but no publish privileges can publish under certain circumstances...
CVE-2023-48840
A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion...
CVE-2023-48833
A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion...
Car Rental Script Security Vulnerability
Car Rental Script is an open source vehicle rental script from GZ Script. Car Rental Script v3.0 has a security vulnerability that stems from the lack of rate limiting in pjActionAJaxSend, which allows an attacker to exhaust system resources...
CVE-2023-40079
In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints
Description: The plugin does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. The following actions may be taken by a Contributor user: /wmllogs - Information leak: Execute the followi...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. A security vulnerability exists in PrestaShop Orders CSV, Excel Export PRO before v5.0, which originates from an SQL...
CVE-2023-36007
Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability...