Lucene search

6 matches found

NVD
added 2026/03/18 4:16 p.m., 4 views

CVE-2026-3090

The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eventtype’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...

CVSS 7.2, EPSS 0.00229
Exploits: 0, References: 3

Patchstack
added 2024/04/08 12:0 a.m., 6 views

WordPress Email Subscribers & Newsletters Plugin <= 5.7.15 is vulnerable to Cross Site Scripting (XSS)

Software: Email Subscribers & Newsletters; Type: Plugin; Vulnerable versions: = 5.7.15; Fixed in: 5.7.16; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2656; Patch priority: Low; CVSS severity: Low (5.9); PSID: a734d5d11361; Credits: Peter1...

CVSS 4.4, AI score 5.8, EPSS 0.0035
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2023/09/05 12:0 a.m., 11 views

WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to Cross Site Scripting (XSS)

Software: Email posts to subscribers; Type: Plugin; Vulnerable versions: = 6.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-41736; Patch priority: Low; CVSS severity: Low (5.9); PSID: c95df690c8f5; Credits: Rafshanzani Suha...

CVSS 5.9, AI score 5.7, EPSS 0.0031
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2023/08/14 8:15 p.m., 2 views

CVE-2023-3721

The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8, AI score 5.8, EPSS 0.00402
Exploits: 2, References: 1

OSV
added 2022/06/20 11:15 a.m., 1 views

CVE-2022-1630

The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing an attacker to make a logged-in admin delete logs via a CSRF attack...

CVSS 6.5, AI score 5.8, EPSS 0.00513
Exploits: 2, References: 1

ATTACKERKB
added 2022/06/20 11:15 a.m., 3 views

CVE-2022-1614

The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions...

CVSS 7.5, AI score 7.1, EPSS 0.01105
Exploits: 2, References: 2