CVE-2024-38760 – WordPress Send Users Email plugin <= 1.5.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-38760
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Send Users Email: from n/a through 1.5.1. The Send Users Email plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/send-users-email/wordpress-send-users-email-plugin-1-5-1-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-52126 – WordPress Send Users Email Plugin <= 1.4.3 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-52126
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email.This issue affects Send Users Email: from n/a through 1.4.3. Vulnerabilidad de exposición de información confidencial a un actor no autorizado en Suman Bhattarai Send Users Email. Este problema afecta a Send Users Email: desde n/a hasta 1.4.3. The Send Users Email plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.3 via the plugin's error logs. This makes it possible for unauthenticated attackers to extract sensitive data about the plugin and site configuration. • https://patchstack.com/database/vulnerability/send-users-email/wordpress-send-users-email-plugin-1-4-3-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •