CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Stored XSS.This issue affects Ultimate WP Mail: from n/a through = 1.3.8...

6.5CVSS5.9AI score0.00258EPSS

Exploits0References1

Patchstack•added 2025/09/22 7:41 p.m.•6 views

WordPress Ultimate WP Mail Plugin <= 1.3.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Ultimate WP Mail versions = 1.3.8...

6.5CVSS6AI score0.00258EPSS

Exploits0Affected Software1

NVD•added 2025/09/22 7:15 p.m.•3 views

CVE-2025-53454

6.5CVSS0.00258EPSS

Exploits0References1

Vulnrichment•added 2025/09/22 6:25 p.m.•2 views

CVE-2025-53454 WordPress Ultimate WP Mail Plugin <= 1.3.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Ultimate WP Mail allows Stored XSS. This issue affects Ultimate WP Mail: from n/a through 1.3.8...

6.5CVSS5.6AI score0.00258EPSS

Exploits0References1

Cvelist•added 2025/09/22 6:25 p.m.•15 views

CVE-2025-53454 WordPress Ultimate WP Mail Plugin <= 1.3.8 - Cross Site Scripting (XSS) Vulnerability

6.5CVSS0.00258EPSS

Exploits0References1

CNNVD•added 2025/09/22 12:0 a.m.•4 views

WordPress plugin Ultimate WP Mail 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS5.8AI score0.00258EPSS

Exploits0References1

Cvelist•added 2025/07/16 9:22 a.m.•7 views

CVE-2025-6993 Ultimate WP Mail 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details Function

The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the getemaillogdetails AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied postid and retrieves the corresponding email log post content including the...

7.5CVSS0.00441EPSS

Exploits0References4

Vulnrichment•added 2025/07/16 9:22 a.m.•3 views

CVE-2025-6993 Ultimate WP Mail 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details Function

7.5CVSS6.2AI score0.00441EPSS

Exploits0References4

CNNVD•added 2025/07/16 12:0 a.m.•2 views

WordPress plugin Ultimate WP Mail 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.6AI score0.00441EPSS

Exploits0References4

RedhatCVE•added 2025/06/08 1:19 p.m.•5 views

CVE-2025-49288

Missing Authorization vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Authentication Bypass.This issue affects Ultimate WP Mail: from n/a through = 1.3.5...

8.8CVSS5.9AI score0.00452EPSS

Exploits0References1

NVD•added 2025/06/06 1:15 p.m.•5 views

CVE-2025-49288

Missing Authorization vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Authentication Bypass.This issue affects Ultimate WP Mail: from n/a through = 1.3.5...

8.8CVSS0.00452EPSS

Exploits0References1

CVE•added 2025/06/06 12:53 p.m.•36 views

CVE-2025-49288

CVE-2025-49288 – A Missing Authorization vulnerability in the WordPress plugin Ultimate WP Mail (ultimate-wp-mail) allows Authentication Bypass in versions

8.8CVSS5.9AI score0.00452EPSS

Exploits0References1

Vulnrichment•added 2025/06/06 12:53 p.m.•10 views

CVE-2025-49288 WordPress Ultimate WP Mail <= 1.3.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Rustaurius Ultimate WP Mail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate WP Mail: from n/a through 1.3.5...

4.3CVSS7.1AI score0.00452EPSS

Exploits0References1

CNNVD•added 2025/06/06 12:0 a.m.•2 views

WordPress plugin Ultimate WP Mail 安全漏洞

8.8CVSS4.9AI score0.00452EPSS

Exploits0References1

Positive Technologies•added 2025/06/06 12:0 a.m.•8 views

PT-2025-24223 · WordPress · Rustaurius Ultimate Wp Mail

Name of the Vulnerable Software and Affected Versions: Rustaurius Ultimate WP Mail versions 1.3.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Rustaurius...

4.3CVSS4.5AI score0.00452EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by