Rustaurius Ultimate Wp Mail
6 CVEs affecting Rustaurius Ultimate Wp Mail. Latest disclosed: 2025-09-22. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-49288 | High | 8.8 | 2025-06-06 | Missing Authorization vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Authentication Bypass.This issue affects Ultimate WP Mail: from n/a… |
CVE-2025-47490 | High | 8.5 | 2025-05-07 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows SQL I… |
CVE-2025-6993 | High | 7.5 | 2025-07-16 | The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler i… |
CVE-2025-53454 | Medium | 6.5 | 2025-09-22 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Store… |
CVE-2025-47466 | Medium | 5.4 | 2025-05-07 | Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Cross Site Request Forgery.This issue affects Ultimate W… |
CVE-2025-32694 | Medium | 4.7 | 2025-04-09 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Phishing.This issue affects Ultimate W… |