Lucene search
+L

101 matches found

nvd
nvd
added 2023/07/12 5:15 a.m.34 views

CVE-2023-3082

The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.2CVSS6.2AI score0.00496EPSS
Exploits0References2
osv
osv
added 2023/07/12 4:38 a.m.6 views

CVE-2023-3082 Post SMTP <= 2.5.7 - Unauthenticated Stored Cross-Site Scripting via Email

The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.2CVSS6.9AI score0.00496EPSS
Exploits0References4
patchstack
patchstack
added 2023/07/12 12:0 a.m.15 views

WordPress Post SMTP Plugin <= 2.5.7 is vulnerable to Cross Site Scripting (XSS)

Software Post SMTP Type Plugin Vulnerable versions = 2.5.7 Fixed in 2.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3082 Patch priority Low CVSS severity Low 7.1 Developer WPExperts PSID c8d98d03e5dd Credits Alex Thomas Required privilege...

7.2CVSS5.7AI score0.00496EPSS
Exploits0References3Affected Software1
patchstack
patchstack
added 2023/07/04 12:0 a.m.21 views

WordPress Post SMTP Plugin < 2.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post SMTP Type Plugin Vulnerable versions 2.5.7 Fixed in 2.5.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3179 Patch priority Low CVSS severity Low 8.8 Developer WPExperts PSID a42127c2ce5a Credits Erwan LR WPScan Required privilege...

8.8CVSS6.5AI score0.00386EPSS
Exploits2References3Affected Software1
nvd
nvd
added 2023/06/07 2:15 a.m.22 views

CVE-2019-25145

The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS7AI score0.00663EPSS
Exploits1References2
cve
cve
added 2023/06/07 1:51 a.m.51 views

CVE-2019-25145

CVE-2019-25145 concerns the WordPress plugin “Contact Form & SMTP Plugin by PirateForms.” The vulnerability affects public/class-pirateforms-public.php up to version 2.5.1 and stems from insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary...

7.2CVSS6.3AI score0.00663EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2023/06/07 1:51 a.m.28 views

CVE-2019-25145 Contact Form & SMTP Plugin by PirateForms <= 2.5.1 - Unauthenticated HTML injection

The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS7AI score0.00663EPSS
Exploits1References2
cnnvd
cnnvd
added 2023/06/07 12:0 a.m.4 views

WordPress Plugin Contact Form & SMTP Plugin by PirateForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.2CVSS6.3AI score0.00663EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2023/06/07 12:0 a.m.5 views

PT-2023-11372 · Pirateforms · Contact Form & Smtp Plugin

Name of the Vulnerable Software and Affected Versions: Contact Form & SMTP Plugin by PirateForms versions up to, and including, 2.5.1 Description: The issue arises from insufficient input sanitization and output escaping in the 'public/class-pirateforms-public.php' file, allowing unauthenticated...

7.2CVSS6.2AI score0.00663EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2022/12/06 10:0 p.m.9 views

CVE-2022-42699 WordPress Easy WP SMTP Plugin <= 1.5.1 is vulnerable to Remote Code Execution (RCE)

Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin = 1.5.1 on WordPress...

9.1CVSS9.6AI score0.01319EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2022/10/31 12:0 a.m.9 views

PT-2022-21773 · WordPress · Easy Wp Smtp

Name of the Vulnerable Software and Affected Versions: Easy WP SMTP WordPress plugin versions prior to 1.5.0 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to a PHP object injection issue. This can occur when an admin imports a...

7.2CVSS7AI score0.01126EPSS
Exploits2References5
vulnrichment
vulnrichment
added 2022/09/26 12:35 p.m.8 views

CVE-2022-2352 Post SMTP < 2.1.7 - Admin+ Blind SSRF

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example...

6.9AI score0.01039EPSS
Exploits2References1
github
github
added 2022/06/14 12:0 a.m.19 views

NocoDB information disclosure vulnerability

In NocoDB prior to 0.91.7, the SMTP plugin doesn't have verification or validation. This allows attackers to make requests to internal servers and read the contents...

9.1CVSS6.8AI score0.01418EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2022/06/13 1:15 p.m.5 views

CVE-2022-1612

The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS6.6AI score0.00513EPSS
Exploits2References2
ptsecurity
ptsecurity
added 2022/06/13 12:0 a.m.6 views

PT-2022-14828 · Nocodb · Nocodb

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.91.7 Description: The issue concerns the generation of error messages containing sensitive information and the lack of verification or validation in the SMTP plugin. This allows attackers to make requests to interna...

9.1CVSS8.1AI score0.01418EPSS
Exploits1References6
huntr
huntr
added 2022/06/09 9:1 a.m.74 views

SSRF via Plugin SMTP

Description The SMTP plugin doesn't have verification or validation, allowing the attacker to make requests to internal servers and get the contents. Reproduce 1. Go to Team & Settings 2. App Store SMTP 3. Configure and intercept Test request 4. Change Host/Port to internal address, example:...

5CVSS0.5AI score0.01418EPSS
Exploits1
cnvd
cnvd
added 2019/09/18 12:0 a.m.2 views

WordPress postman-smtp plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. postman-smtp is an email plugin used in it. A cross-site scripting vulnerability exists in the WordPress postman-smtp plugin. An...

6.1CVSS6.3AI score0.01011EPSS
Exploits1References1
cnvd
cnvd
added 2019/08/22 12:0 a.m.4 views

WordPress bws-smtp plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. bws-smtp is a plugin used in it to configure an SMTP server to receive e-mail. A cross-site scripting vulnerability exists ...

6.1CVSS6.3AI score0.01621EPSS
Exploits1References1
prion
prion
added 2019/08/20 4:15 p.m.12 views

Cross site scripting

The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues...

4.3CVSS6AI score0.01621EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2019/08/20 3:1 p.m.18 views

CVE-2017-18518

The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues...

6.1AI score0.01621EPSS
Exploits1References1
Rows per page
Query Builder