Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-4700

Malicious code in bioql PyPI...

7.2CVSS9.2AI score0.00352EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/07/18 10:59 a.m.6 views

CVE-2025-48301

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce SMTP for SendGrid – YaySMTP smtp-sendgrid allows SQL Injection.This issue affects SMTP for SendGrid – YaySMTP: from n/a through = 1.5...

7.6CVSS5.9AI score0.00355EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/07/16 12:19 p.m.7 views

WordPress SMTP for SendGrid – YaySMTP plugin <= 1.5 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Plugin SMTP for SendGrid – YaySMTP versions = 1.5...

7.6CVSS7.7AI score0.00355EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/16 10:36 a.m.4 views

CVE-2025-48161 WordPress YaySMTP plugin <= 1.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YaySMTP smtp-sendinblue allows SQL Injection.This issue affects YaySMTP: from n/a through = 1.3...

7.6CVSS5.9AI score0.00355EPSS
Exploits0References1
CVE
CVE
added 2025/06/27 1:21 p.m.22 views

CVE-2025-53256

CVE-2025-53256 describes an SQL Injection vulnerability in the WordPress plugin YaySMTP (YayCommerce) stemming from improper neutralization of SQL elements. Public references indicate the issue affects YaySMTP up to version 2.6.5 (and Patchstack lists a later patched release, e.g., 2.6.6, as addr...

7.6CVSS5.9AI score0.00355EPSS
Exploits0References1
NVD
NVD
added 2025/05/07 3:16 p.m.7 views

CVE-2025-47587

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YaySMTP yaysmtp allows Blind SQL Injection.This issue affects YaySMTP: from n/a through = 2.6.4...

7.6CVSS0.00355EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.5 views

PT-2025-20165 · Yaysmtp · Yaysmtp

Name of the Vulnerable Software and Affected Versions: YaySMTP versions n/a through 2.6.4 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This allows for Blind SQL Injection, which can be exploited...

7.6CVSS8AI score0.00355EPSS
Exploits0References3
CVE
CVE
added 2025/04/11 8:21 a.m.61 views

CVE-2025-3434

CVE-2025-3434 : The SMTP for Amazon SES – YaySMTP WordPress plugin is vulnerable to unauthenticated Stored Cross-Site Scripting via Email Logs in all versions up to 1.8 due to insufficient input sanitization and output escaping. This allows an attacker to inject web scripts that execute in a user...

7.2CVSS6.3AI score0.00434EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/02/22 12:39 p.m.15 views

CVE-2025-0953 SMTP for Sendinblue – YaySMTP <= 1.2 - Unauthenticated Stored Cross-Site Scripting via Email Logs

The SMTP for Sendinblue – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.2CVSS7.4AI score0.00332EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/21 11:26 a.m.13 views

CVE-2025-0916

The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

7.2CVSS6AI score0.00352EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/19 11:10 a.m.26 views

CVE-2025-0916 YaySMTP 2.4.9 - 2.6.2 - Unauthenticated Stored Cross-Site Scripting

The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

7.2CVSS0.00352EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/02/19 11:10 a.m.10 views

CVE-2025-0916 YaySMTP 2.4.9 - 2.6.2 - Unauthenticated Stored Cross-Site Scripting

The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

7.2CVSS6.2AI score0.00352EPSS
Exploits0References5
CVE
CVE
added 2025/02/19 11:10 a.m.59 views

CVE-2025-0916

CVE-2025-0916 concerns the WordPress plugin family “YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service”. Connected sources confirm a stored XSS vulnerability in versions 2.4.9 through 2.6.2 caused by insufficient input sanitization and output escapi...

7.2CVSS6.3AI score0.00352EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder