CVE-2024-43238 WordPress weMail plugin <= 1.14.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weDevs weMail wemail allows DOM-Based XSS.This issue affects weMail: from n/a through = 1.14.5...

CVE-2024-43238

CVE-2024-43238: WeMail for WordPress has a Reflected XSS in web page generation. Affected: the weMail plugin up to version 1.14.5 (from n/a through 1.14.5). According to the connected docs, the issue is publicly associated with this CVE and has a patch status indicating it was addressed (patched)...

WordPress plugin weMail 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress weMail plugin <= 1.14.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k in WordPress Plugin weMail versions = 1.14.5...

WordPress weMail Plugin <= 1.14.5 is vulnerable to Cross Site Scripting (XSS)

Software weMail Type Plugin Vulnerable versions = 1.14.5 Fixed in 1.14.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43238 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6ade5dffb53e Credits LVT-tholv2k Required privilege...

CVE-2024-34822

Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2...

CVE-2024-34822

Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2...

CVE-2024-34822 WordPress weMail plugin <= 1.14.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2...

CVE-2024-34822

CVE-2024-34822 is a Missing Authorization vulnerability in the weMail WordPress plugin (affected: weMail up to 1.14.2). Public sources (NVD, Red Hat, CVE listings, Vuln enrichment) classify the impact as a Medium Severity (CVSS v3.1 base 5.3) with no confidentiality impact, low integrity impact, ...

CVE-2024-34822 WordPress weMail plugin <= 1.14.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2...

WordPress plugin weMail security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

weMail < 1.14.3 - Missing Authorization to Notice Dismissal

Description The weMail plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the connectnotice function in versions up to, and including, 1.14.2. This makes it possible for unauthenticated attackers to dismiss notices...

WordPress weMail plugin <= 1.14.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin weMail versions = 1.14.2...

WordPress weMail Plugin <= 1.14.2 is vulnerable to Broken Access Control

Software weMail Type Plugin Vulnerable versions = 1.14.2 Fixed in 1.14.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34822 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 0390ae236e1f Credits Dhabaleshwar Das Required privilege...

WordPress weMail Plugin <= 1.14.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software weMail Type Plugin Vulnerable versions = 1.14.1 Fixed in 1.14.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 65136c30deb2 Credits István Márton Required...

CVE-2018-16271

The wemailconsumerservice from the built-in application wemail in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This...

CVE-2018-16271

CVE-2018-16271 concerns the wemail_consumer_service in Samsung Galaxy Gear series (Tizen-based firmwares) prior to build RE2. The vulnerability arises from improper D-Bus security policy configurations, enabling an unprivileged process to manipulate a user’s mailbox. Additionally, an arbitrary em...