MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2026-2469

🔴 HIGH

Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the id() functio...

Published
Feb 14, 2026
Last Modified
Feb 14, 2026
Views
10
Bookmarks
0

Description

Request Expert Review

Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the id() function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands. This allows attackers to read or delete victim's emails, terminate the victim's session or execute any valid IMAP command on victim's mailbox by including quote characters " or CRLF sequences \r\n in the input.

CVSS Scores

CVSS 3.1 7.6
7.6
HIGH
CVSS 2.0 7.6

References

gist.github.com github.com github.com security.snyk.io

Additional Information

Source
report@snyk.io
State
Received

Related CVEs

CVE-2026-2144

HIGH

The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to...

Score: 8.1

CVE-2026-2027

MEDIUM

The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setti...

Score: 4.4

CVE-2026-1983

MEDIUM

The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This...

Score: 4.3

CVE-2026-1912

MEDIUM

The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all version...

Score: 6.4

CVE-2026-1904

MEDIUM

The Simple Wp colorfull Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'accordion' short...

Score: 6.4

CVE-2026-1754

MEDIUM

The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and includi...

Score: 6.1

Share CVE-2026-2469

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2026-2469 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis