56 matches found
CVE-2025-68529
Cross-Site Request Forgery CSRF vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery.This issue affects WP Email Capture: from n/a through = 3.12.5...
EUVD-2025-205193
Cross-Site Request Forgery CSRF vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery.This issue affects WP Email Capture: from n/a through = 3.12.5...
CVE-2025-68529
Technical details for CVE-2025-68529 are not provided in the supplied connected documents. Current information confirms CSRF vulnerability in WP Email Capture
PT-2025-53094
Name of the Vulnerable Software and Affected Versions WP Email Capture versions through 3.12.5 Description The software contains a Cross-Site Request Forgery CSRF flaw. This allows attackers to potentially perform actions on behalf of authenticated users without their knowledge. Recommendations...
CVE-2025-67578 WordPress WP Email Capture plugin <= 3.12.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Email Capture: from n/a through = 3.12.4...
EUVD-2023-27809
Malicious code in bioql PyPI...
EUVD-2023-32117
Malicious code in bioql PyPI...
EUVD-2023-27810
Malicious code in bioql PyPI...
CVE-2025-58800
Cross-Site Request Forgery CSRF vulnerability in Steve Truman WP Email Template wp-email-template allows Cross Site Request Forgery.This issue affects WP Email Template: from n/a through = 2.8.5...
CVE-2025-58800 WordPress WP Email Template plugin <= 2.8.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Steve Truman WP Email Template wp-email-template allows Cross Site Request Forgery.This issue affects WP Email Template: from n/a through = 2.8.5...
WordPress plugin WP Email Template 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
CVE-2025-5486
The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUGhandlesettings function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled...
CVE-2025-5486
The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUGhandlesettings function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled...
CVE-2025-5486 WP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset
The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUGhandlesettings function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled...
CVE-2025-5486
CVE-2025-5486 affects the WordPress plugin WP Email Debug (versions 1.0–1.1.0). The vulnerability is a missing capability check in WPMDBUG_handle_settings(), enabling privilege escalation by unauthenticated actors: they can enable debugging, cause emails to be sent to an attacker-controlled addre...
PT-2025-24035 · WordPress · Wp Email Debug
Name of the Vulnerable Software and Affected Versions: WP Email Debug plugin for WordPress versions 1.0 to 1.1.0 Description: The issue is related to a missing capability check on the WPMDBUG handle settings function. This allows unauthenticated attackers to enable debugging, send all emails to a...
CVE-2023-23724
Cross-Site Request Forgery CSRF vulnerability in Winwar Media WP Email Capture plugin = 3.9.3 versions...
CVE-2023-3721
The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2021-24959
The WP Email Users WordPress plugin through 1.7.6 does not escape the dataraw parameter in the weuselectedusers1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks...
Exploit for SQL Injection in Techspawn Wp-Email-Users
CVE-2021-24959 Description --- The WP Email Users WordPress...