Wp Email

wp-email

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-1630 1Wp Email Project 1Wp Email Nov 21, 2024 Jun 20, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack
CVE-2022-1614 1Wp Email Project 1Wp Email Nov 21, 2024 Jun 20, 2022 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions.