Tag
high
advisory
Authenticated Account Takeover in Essential Addons for Elementor WordPress Plugin
3 TTPs 1 CVEA vulnerability (CVE-2026-15155) in the Essential Addons for Elementor WordPress plugin, specifically within its Login/Register widget, allows authenticated attackers with Contributor-level access or higher to achieve administrator account takeover by injecting an additional Bcc header into administrator password-reset notification emails.
Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin
wordpress
plugin
web-application
cve
account-takeover
email-injection
3t
1c
high
threat
Symfony Email Header / SMTP Command Injection via CRLF Characters
2 rules 1 TTPSymfony's Mime Address component is susceptible to email header and SMTP command injection due to accepting CRLF characters within email addresses, leading to potential header manipulation or unauthorized SMTP commands in symfony/mime and symfony/symfony versions prior to 5.4.52, versions 6.0.0 to before 6.4.40, versions 7.0.0 to before 7.4.12 and versions 8.0.0 to before 8.0.12.
symfony/mime +1
crlf-injection
email-injection
symfony
CVE-2026-45067
2r
1t