cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-23423,https://securityvulnerability.io/vulnerability/CVE-2025-23423,Missing Authorization in Smackcoders SendGrid for WordPress,"A missing authorization vulnerability exists in the Smackcoders SendGrid for WordPress plugin, which may lead to exploitation due to incorrectly configured access controls. This issue poses risks by allowing unauthorized users to access sensitive functionalities within the plugin, potentially compromising user data and the integrity of the WordPress site. It is essential for users of SendGrid for WordPress version 1.4 and earlier to assess their configurations and implement security measures to mitigate risks associated with this vulnerability.",Wordpress,Sendgrid For WordPress,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,false,false,false,2025-01-16T20:05:46.387Z,0
CVE-2024-9364,https://securityvulnerability.io/vulnerability/CVE-2024-9364,Unauthorized Log File Deletion Vulnerability Affects SendGrid for WordPress Plugin,"The SendGrid for WordPress plugin has a vulnerability stemming from a missing capability check on the 'wp_mailplus_clear_logs' function. This oversight enables authenticated users, with Subscriber-level access and above, to delete log files associated with the plugin. The lack of appropriate access controls allows for potential unauthorized data loss, posing a significant risk to users relying on the integrity and availability of their plugin logs.",Wordpress,Sendgrid For WordPress,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-10-18T04:32:55.748Z,0
CVE-2024-43965,https://securityvulnerability.io/vulnerability/CVE-2024-43965,SendGrid SQL Injection Vulnerability Affects WordPress Users,"The vulnerability in Smackcoders SendGrid for WordPress enables an improper neutralization of special characters in SQL commands, leading to an SQL Injection risk. Attackers can exploit this flaw to execute arbitrary SQL code in the database, potentially allowing unauthorized access to sensitive data or manipulation of the database contents. This issue affects all versions of SendGrid for WordPress prior to 1.4, making it crucial for users to update to the latest version to mitigate potential security threats.",Wordpress,Sendgrid For WordPress,9.8,CRITICAL,0.000910000002477318,false,,false,false,true,true,false,false,2024-08-29T15:23:12.823Z,0
CVE-2021-24528,https://securityvulnerability.io/vulnerability/CVE-2021-24528,FluentSMTP < 2.0.1 - Authenticated Stored XSS,"The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting (XSS) vulnerability. Only users with roles capable of managing plugins can modify the plugin's settings.",Wordpress,"Fluentsmtp – WordPress Mail Smtp, Ses, Sendgrid, Mailgun And Any Smtp Plugin",5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-08-30T14:11:20.000Z,0