Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

email-address project email-address vulnerabilities and exploits

(subscribe to this query)
7.8
CVSSv2
CVE-2015-7686
Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and previous versions for Perl allows remote malicious users to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthe...
Email-address Project Email-address
4.3
CVSSv2
CVE-2017-11503
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.
Phpmailer Project Phpmailer 5.2.23
NA
CVE-2022-3477
The tagDiv Composer WordPress plugin prior to 3.5, required by the Newspaper WordPress theme prior to 12.1 and Newsmag WordPress theme prior to 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated malicious users to login as any user by just kno...
Tagdiv Composer Project Tagdiv ComposerNewsmag Project NewsmagNewspaper Project Newspaper
4.3
CVSSv2
CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
Mistune Project Mistune 0.7.4
3.5
CVSSv2
CVE-2021-24478
The Bookshelf WordPress plugin up to and including 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue
Bookshelf Project Bookshelf
4.3
CVSSv2
CVE-2019-13240
An issue exists in GLPI prior to 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.
Glpi-project Glpi
NA
CVE-2022-2834
The Helpful WordPress plugin prior to 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow malicious users to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plug...
Helpful Project Helpful
6.8
CVSSv2
CVE-2018-1000025
Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an act...
Firebase Admin Sdk For Php Project Firebase Admin Sdk For Php
NA
CVE-2022-2379
The Easy Student Results WordPress plugin up to and including 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical addr...
Easy Student Results Project Easy Student Results
4
CVSSv2
CVE-2021-24824
The [field] shortcode included with the Custom Content Shortcode WordPress plugin prior to 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination wi...
Custom Content Shortcode Project Custom Content Shortcode
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook