13 matches found
EUVD-2025-4700
Malicious code in bioql PyPI...
CVE-2025-48301
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce SMTP for SendGrid – YaySMTP smtp-sendgrid allows SQL Injection.This issue affects SMTP for SendGrid – YaySMTP: from n/a through = 1.5...
WordPress SMTP for SendGrid – YaySMTP plugin <= 1.5 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Plugin SMTP for SendGrid – YaySMTP versions = 1.5...
CVE-2025-48161 WordPress YaySMTP plugin <= 1.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YaySMTP smtp-sendinblue allows SQL Injection.This issue affects YaySMTP: from n/a through = 1.3...
CVE-2025-53256
CVE-2025-53256 describes an SQL Injection vulnerability in the WordPress plugin YaySMTP (YayCommerce) stemming from improper neutralization of SQL elements. Public references indicate the issue affects YaySMTP up to version 2.6.5 (and Patchstack lists a later patched release, e.g., 2.6.6, as addr...
CVE-2025-47587
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YaySMTP yaysmtp allows Blind SQL Injection.This issue affects YaySMTP: from n/a through = 2.6.4...
PT-2025-20165 · Yaysmtp · Yaysmtp
Name of the Vulnerable Software and Affected Versions: YaySMTP versions n/a through 2.6.4 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This allows for Blind SQL Injection, which can be exploited...
CVE-2025-3434
CVE-2025-3434 : The SMTP for Amazon SES – YaySMTP WordPress plugin is vulnerable to unauthenticated Stored Cross-Site Scripting via Email Logs in all versions up to 1.8 due to insufficient input sanitization and output escaping. This allows an attacker to inject web scripts that execute in a user...
CVE-2025-0953 SMTP for Sendinblue – YaySMTP <= 1.2 - Unauthenticated Stored Cross-Site Scripting via Email Logs
The SMTP for Sendinblue – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2025-0916
The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...
CVE-2025-0916 YaySMTP 2.4.9 - 2.6.2 - Unauthenticated Stored Cross-Site Scripting
The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...
CVE-2025-0916 YaySMTP 2.4.9 - 2.6.2 - Unauthenticated Stored Cross-Site Scripting
The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...
CVE-2025-0916
CVE-2025-0916 concerns the WordPress plugin family “YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service”. Connected sources confirm a stored XSS vulnerability in versions 2.4.9 through 2.6.2 caused by insufficient input sanitization and output escapi...