241 matches found
Post SMTP <= 3.6.0 - Email Log Disclosure
Post SMTP WordPress plugin = 3.6.0 contains an unauthorized data access vulnerability caused by missing capability check in construct function, letting unauthenticated attackers read arbitrary logged emails, exploit requires no authentication. id: CVE-2025-11833 info: name: Post SMTP = 3.6.0 -...
CVE-2026-48838
Unauthenticated Cross Site Scripting XSS in Post SMTP = 3.6.2 versions...
EUVD-2026-36845
Unauthenticated Cross Site Scripting XSS in Post SMTP = 3.6.2 versions...
CVE-2026-48838 WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Post SMTP = 3.6.2 versions...
CVE-2026-48838
CVE-2026-48838 covers an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress Post SMTP plugin, versions
PT-2026-49475
Unauthenticated Cross Site Scripting XSS in Post SMTP = 3.6.2 versions...
WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by mcdruid in WordPress Plugin Post SMTP versions = 3.6.2...
WordPress Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin <= 3.0.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Post SMTP versions = 3.0.0...
Exploit for CVE-2025-24000
CVE-2025-24000 — Post SMTP Privilege Escalation Exploit Ov...
CVE-2026-3090
The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eventtype’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...
WordPress Post SMTP plugin <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type' vulnerability
Unauthenticated Stored Cross-Site Scripting via 'eventtype' vulnerability discovered by hoshino in WordPress Plugin Post SMTP versions = 3.8.0...
WordPress Post SMTP plugin <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite vulnerability
Missing Authorization to Authenticated Subscriber+ Office 365 OAuth Configuration Overwrite vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Post SMTP versions = 3.8.0...
EUVD-2026-12841
The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eventtype’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...
CVE-2026-2559
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoffice365oauthredirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admininit without any currentusercan check ...
CVE-2026-3090
The CVE-2026-3090 entry describes a Stored Cross-Site Scripting vulnerability in the Post SMTP WordPress plugin (versions up to 3.8.0). The issue is triggered by the event_type parameter and arises from insufficient input sanitization and output escaping. Exploitation requires unauthenticated acc...
CVE-2026-3090
The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eventtype’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...
CVE-2026-3090 Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type'
The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eventtype’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...
CVE-2026-3090 Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type'
The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eventtype’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...
CVE-2026-2559
Post SMTP for WordPress is vulnerable up to version 3.8.0 due to a missing capability check in handle_office365_oauth_redirect() (hooked to admin_init without current_user_can() or nonce verification). Authenticated attackers with Subscriber level access+ can overwrite the Office 365 OAuth config...
CVE-2026-2559 Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite
The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoffice365oauthredirect function in all versions up to, and including, 3.8.0. This is due to the function being hooked to admininit without any currentusercan check ...