Wp-Email Project: >> Wp-Email >> 2.67.2 Security Vulnerabilities
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-06-20
The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack
CVSS Score
6.5
EPSS Score
0.001
Published
2022-06-20