27 matches found
CVE-2026-4888 Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending
The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...
CRLF Injection
Overview org.webjars.npm:nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to CRLF Injection via the name configuration configuration option. An attacker can inject arbitrary SMTP commands by supplying carriage return and...
EUVD-2026-2816
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kaliumvccontactformrequest function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...
WordPress plugin Kalium has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-3002
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium vc contact form request function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers t...
PT-2025-47435
The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslot appt email AJAX action. This makes it possible for unauthenticated attackers to send appointmen...
EUVD-2024-16898
Malicious code in bioql PyPI...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2024-1124
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...
CVE-2024-13371
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker function in all versions up to, and including, 2.2.6. This makes it possible...
PT-2024-37743 · WordPress · The Ultimate Wordpress Auction Plugin
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Auction Plugin versions prior to 4.2.7 Description: The issue allows unauthorized email creation and sending due to a missing capability check on the send auction email callback and resend auction email callback...
CVE-2024-3243
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-3243
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-3243
CVE-2024-3243 affects the Customer Reviews for WooCommerce plugin for WordPress. Root cause: a missing capability check in send_test_email(), enabling unauthorized email sending by authenticated users with subscriber-level access or higher. Affected versions: all versions up to and including 5.46...
CVE-2024-3243 Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1124
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...
CVE-2024-1124
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...
CVE-2024-1124 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...
CVE-2024-1124 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...