VYPR

Emailkit

by WordPress

Source repositories

CVEs (3)

  • CVE-2026-5957MedMay 5, 2026
    risk 0.42cvss 6.5epss 0.01

    The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the create_template() method of the CheckForm class, where realpath() is called on the allowed base directory…

  • CVE-2025-14059MedJan 7, 2026
    risk 0.42cvss 6.5epss 0.00

    The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to missing path validation in the create_template REST API endpoint where user-controlled input from the emailkit-editor-template…

  • CVE-2025-60106MedSep 26, 2025
    risk 0.32cvss 4.9epss 0.00

    Missing Authorization vulnerability in Roxnor EmailKit emailkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmailKit: from n/a through <= 1.6.0.