Description
WordPress Plugin WP Mass Mail is prone to an open email relay vulnerability that lets attackers send mass emails without authentication. An attacker could exploit this issue to send unsolicited spam email to an unrestricted number of email addresses. WordPress Plugin WP Mass Mail version 2.45 is vulnerable; other versions may also be affected.
Remediation
Disable the plugin until a fix is available
References
http://www.securityfocus.com/bid/53818/exploit
http://packetstormsecurity.com/files/113286/WordPress-WP-Mass-Mail-Spoofing.html
Related Vulnerabilities
Drupal Core Cross-Site Scripting (8.0.0 - 9.1.15)
WordPress Plugin WP-PostRatings Cross-Site Scripting (1.50)
WordPress Plugin Clockwork SMS Notfications Cross-Site Scripting (2.0.3)
Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.10)
Zenphoto Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-36079)