CVE-2026-6344
The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...
CVE-2026-22204 wpDiscuz before 7.6.47 - Unsanitized Cookie Email Used as wp_mail() Recipient
wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie. Attackers can craft a malicious cookie value that, when processed through urldecode and passed to wp_mail...
CVE-2026-22204
wpDiscuz prior to 7.6.47 has an email header injection due to unsanitized comment_author_email cookie. An attacker can craft a cookie value that, after urldecode() is processed by wp_mail(), injects headers or alters recipients. The exact impact and exploit status are not elaborated beyond the de...
EUVD-2022-24727
Malicious code in bioql PyPI...
CVE-2022-1412
The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords...
POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting
Description The plugin does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users. 1. Install Post SMTP in version 3. Visit /wp-admin/admin.php?page=postmanemaillog Post SMTP - Email Log 4...
Information disclosure
The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords...
CVE-2022-1412 Log WP_Mail <= 0.1 - Email Logs Publicly Accessible
The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords...
CVE-2022-1412
The CVE-2022-1412 affects the WordPress Log WP_Mail plugin (versions
WordPress Log WP_Mail plugin <= 0.1 - Sensitive Data Exposure vulnerability
A Sensitive Data Exposure vulnerability was discovered by Daniel Ruf in the WordPress Log WP_Mail plugin versions <= 0.1. Solution: Deactivate and delete. This plugin has been closed as of April 20, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress 2.3.0 - 4.8.3 Unauthorized Password Reset
According to its self-reported version number, the WordPress application running on the remote web server is 4.7.x. It is, therefore, affected by a flaw in the wp_mail function within file wp-includes/pluggable.php due to the improper usage of the SERVER_NAME variable, specifically when input from...