CVE-2026-6235 - Sendmachine for WordPress <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation via manage_admin_requests
CVE ID :CVE-2026-6235 Published : April 22, 2026, 9:16 a.m. | 1 hour, 44 minutes ago Description :The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the p
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] ‘Big Game Hunters’: UK ransomware volume drops significantly 'but the reality is more alarming' – big orgs are being hit harder and with greater success
- [CYBER] The WSL2 Guide I Wish I Had: 4 Gotchas That Will Eat Your Afternoon
- [CYBER] The Keystone Burnout: How Engineering Leaders Break Under Constant Vigilance
- [CYBER] HTB (Bashed) — Walkthrough
- [CYBER] Malicious trading website drop malware that hands over your browser to attackers
- [CYBER] Ransomware negotiator pleads guilty after leaking victims' insurance details to 'BlackCat' hackers — perp gave attackers a precise picture of exactly how much each target could afford to pay