23 matches found
CVE-2026-40129
Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...
CVE-2026-40129 Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform
Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...
CVE-2022-1576
The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
Rocket.Chat Input Validation Error Vulnerability
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an input validation error vulnerability that stems from a failure to type validate input data in the getUsersOfRoom Meteor server method. An authenticated attacker could use this vulnerability to enumerate existing rooms a...
Cross-site request forgery (CSRF)
The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2022-1576 WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF
The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2022-1603
The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list...
CVE-2022-1603 Mail Subscribe List < 2.1.4 - Arbitrary Subscribed User Deletion via CSRF
The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list...
WordPress WP Maintenance Mode & Coming Soon plugin <= 2.4.4 - Subscribed Users Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Subscribed Users Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress WP Maintenance Mode & Coming Soon plugin (versions <= 2.4.4). Solution: Update the WordPress WP Maintenance Mode & Coming Soon plugin to the latest available version (at least 2.4.5)...
WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF
The plugin is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack PoC...
WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF
The plugin is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack document.getElementById("test").submit();...
Mail Subscribe List < 2.1.4 - Arbitrary Subscribed User Deletion via CSRF
The plugin does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list PoC...
CVE-2022-0424 Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users...
CVE-2022-0424
The CVE-2022-0424 issue affects the Popup by Supsystic WordPress plugin, specifically versions prior to 1.10.9. The root cause is missing authentication/authorization in an AJAX action, permitting unauthenticated attackers to invoke the endpoint and retrieve the email addresses of subscribed user...
Cross-site request forgery (CSRF)
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have a CSRF check in its comingsoonsendmail AJAX action, allowing attackers to make a logged-in admin send arbitrary emails to all subscribed users via a CSRF attack...
Coming soon and Maintenance mode < 3.6.8 - Arbitrary Email Sending to Subscribed Users via CSRF
The plugin does not have a CSRF check in its comingsoonsendmail AJAX action, allowing attackers to make a logged-in admin send arbitrary emails to all subscribed users via a CSRF attack fetch("https://example.com/wp-admin/admin-ajax.php", { "headers": { "content-type":...