Wp-email Project Wp-email — known CVE vulnerabilities
Every CVE whose affected-product data names Wp-email Project Wp-email, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2022-1614 — CVSS 7.5 (high): The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which…
CVE-2022-1630 — CVSS 6.5 (medium): The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a…