Filtered by vendor Wp-email Project
Subscriptions
Filtered by product Wp-email
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-1630 | 1 Wp-email Project | 1 Wp-email | 2024-11-21 | 6.5 Medium |
The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack | ||||
CVE-2022-1614 | 1 Wp-email Project | 1 Wp-email | 2024-11-21 | 7.5 High |
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions. |
Page 1 of 1.