
5 matches found

NVD
added 2026/04/21 5:16 p.m., 4 views

CVE-2026-40567

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

CVSS 5.8, EPSS 0.00066
Exploits: 0, References: 3
CVE
added 2025/12/13 7:21 a.m., 26 views

CVE-2025-9207

CVE-2025-9207 affects the TI WooCommerce Wishlist plugin for WordPress. The vulnerability is an HTML injection flaw present in all versions up to and including 2.10.0, caused by accepting values in hidden inputs without proper validation and outputting them without sanitization. This enables unau...

CVSS 5.3, AI score 6, EPSS 0.00259
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2021-34177

Malicious code in bioql PyPI...

CVSS 7.2, AI score 5.7, EPSS 0.00699
Exploits: 1, References: 2
Prion
added 2023/06/07 2:15 a.m., 15 views

Input validation

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfmsendfileinemail AJAX action. This makes it possible for unauthenticated attackers to send emails usin...

CVSS 5, AI score 5.5, EPSS 0.00699
Exploits: 1, References: 2, Affected Software: 1
Patchstack
added 2019/08/12 12:0 a.m., 11 views

WordPress CformsII plugin <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery (CSRF) vulnerabilities

Unauthenticated HTML Injection & Cross-Site Request Forgery (CSRF) vulnerabilities found by Jerome Bruandet Nintechnet in WordPress CformsII plugin versions <= 15.0.1. Solution: Update the WordPress CformsII plugin to the latest available version at least 15.0.2...

AI score 2.6
Exploits: 0, References: 1, Affected Software: 1