15 matches found
EUVD-2025-17173
Malicious code in bioql PyPI...
EUVD-2023-43891
Malicious code in bioql PyPI...
CVE-2025-28974
Cross-Site Request Forgery CSRF vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through = 1.0...
CVE-2025-28974
Cross-Site Request Forgery CSRF vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through = 1.0...
CVE-2025-28974
CVE-2025-28974 is a CSRF-to-Stored XSS vulnerability in the Free WP Mail SMTP (mail250) WordPress plugin. The issue affects Free WP Mail SMTP versions from n/a through 1.0, with a CVSSv3.1 base score of 7.1 (High). The connected documentation confirms the vulnerability class (CSRF leading to Stor...
CVE-2025-28974 WordPress Free WP Mail SMTP plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through = 1.0...
PT-2025-24129 · WordPress · Free Wp Mail Smtp
Name of the Vulnerable Software and Affected Versions: Free WP Mail SMTP versions 1.0 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and...
CVE-2023-3213
The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isprintpage function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information...
WordPress WP Mail SMTP by WPForms Plugin <= 4.0.1 is vulnerable to Sensitive Data Exposure
Software WP Mail SMTP by WPForms Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.1.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6694 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 45f83918c270 Credits Guus Verbeek...
CVE-2024-6694
CVE-2024-6694 affects the WP Mail SMTP plugin for WordPress up to version 4.0.1. An authenticated admin can view the SMTP password in the SMTP Password field when viewing settings, leading to information exposure of the configured mail server credentials. The documented impact is limited to infor...
Design/Logic Flaw
The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isprintpage function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information...
CVE-2023-3213 WP Mail SMTP Pro <= 3.8.0 - Missing Authorization to Information Dislcosure via is_print_page
The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isprintpage function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information...
CVE-2023-3213
CVE-2023-3213 affects the WordPress plugin WP Mail SMTP Pro . The vulnerability stems from a missing capability check in the function used to render the print page, allowing unauthenticated users to access potentially sensitive email information. Affected versions are up to and including 3.8.0 . ...
WordPress WP Mail SMTP by WPForms plugin <= 1.3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability found by RIPS Technologies in WordPress WP Mail SMTP by WPForms plugin versions = 1.3.3. Solution Update the WordPress WP Mail SMTP by WPForms plugin to the latest available version at least 1.4.0...
WP Mail SMTP by WPForms <= 1.3.3 - Authenticated Stored Cross-Site Scripting (XSS)
The WP Mail SMTP by WPForms WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...