2 matches found
CVE-2026-12170
The CVE concerns the AcyMailing WordPress plugin (all versions up to 10.10.2) vulnerability to Stored Cross-Site Scripting via the alignment attribute, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enablin...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect due to a failure to validate the redirectto parameter. An attacker can exfiltrate user cookies by tricking a user into authenticating with their SAML provider using a crafted link that redirects them to an...