Lucene search
+L

27 matches found

vulnrichment
vulnrichment
added 2026/05/27 11:26 p.m.11 views

CVE-2026-4888 Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...

4.3CVSS5.9AI score0.00275EPSS
Exploits0References2
snyk
snyk
added 2026/04/08 3:5 p.m.4 views

CRLF Injection

Overview org.webjars.npm:nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to CRLF Injection via the name configuration configuration option. An attacker can inject arbitrary SMTP commands by supplying carriage return and...

6.9CVSS6AI score
Exploits0References2
euvd
euvd
added 2026/01/15 1:23 p.m.8 views

EUVD-2026-2816

The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kaliumvccontactformrequest function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...

5.3CVSS5.1AI score0.00227EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/01/15 12:0 a.m.8 views

WordPress plugin Kalium has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00227EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/01/15 12:0 a.m.20 views

PT-2026-3002

The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium vc contact form request function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers t...

5.3CVSS5.6AI score0.00227EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/11/19 12:0 a.m.12 views

PT-2025-47435

The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslot appt email AJAX action. This makes it possible for unauthenticated attackers to send appointmen...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-16898

Malicious code in bioql PyPI...

4.3CVSS6.1AI score0.00321EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/08/06 12:14 a.m.16 views

CVE-2025-50340

An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...

4.3CVSS6AI score0.00317EPSS
Exploits0References1
nvd
nvd
added 2025/08/04 8:15 p.m.11 views

CVE-2025-50340

An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...

4.3CVSS0.00317EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/05/23 9:58 a.m.11 views

CVE-2024-1124

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...

4.3CVSS6.5AI score0.00321EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 7:36 a.m.10 views

CVE-2024-13371

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker function in all versions up to, and including, 2.2.6. This makes it possible...

5.3CVSS6.9AI score0.0051EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/07/27 12:0 a.m.6 views

PT-2024-37743 · WordPress · The Ultimate Wordpress Auction Plugin

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Auction Plugin versions prior to 4.2.7 Description: The issue allows unauthorized email creation and sending due to a missing capability check on the send auction email callback and resend auction email callback...

5.8CVSS6.9AI score0.00401EPSS
Exploits0References5
osv
osv
added 2024/04/16 1:15 p.m.6 views

CVE-2024-3243

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS5.9AI score0.00431EPSS
Exploits0References3
nvd
nvd
added 2024/04/16 1:15 p.m.25 views

CVE-2024-3243

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS4.4AI score0.00431EPSS
Exploits0References3
cve
cve
added 2024/04/16 12:51 p.m.59 views

CVE-2024-3243

CVE-2024-3243 affects the Customer Reviews for WooCommerce plugin for WordPress. Root cause: a missing capability check in send_test_email(), enabling unauthorized email sending by authenticated users with subscriber-level access or higher. Affected versions: all versions up to and including 5.46...

4.3CVSS6.5AI score0.00431EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2024/04/16 12:51 p.m.12 views

CVE-2024-3243 Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS6AI score0.00431EPSS
Exploits0References3
nvd
nvd
added 2024/03/09 7:15 a.m.21 views

CVE-2024-1124

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...

4.3CVSS4.4AI score0.00321EPSS
Exploits0References2
osv
osv
added 2024/03/09 7:15 a.m.5 views

CVE-2024-1124

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...

4.3CVSS7.4AI score0.00321EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/03/09 7:1 a.m.12 views

CVE-2024-1124 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...

4.3CVSS6.8AI score0.00321EPSS
Exploits0References2
cvelist
cvelist
added 2024/03/09 7:1 a.m.34 views

CVE-2024-1124 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...

4.3CVSS4.7AI score0.00321EPSS
Exploits0References2
Rows per page
Query Builder