241 matches found
CVE-2025-12887
CVE-2025-12887 concerns the WordPress plugin Post SMTP (Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App) up to version 3.6.1. The vulnerability is an authorization bypass in the handle_gmail_oauth_redirect function, allowing authenticated users wi...
PT-2025-48804
The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handle gmail oauth redirect' function. This makes it possible for...
WordPress plugin Post SMTP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
Attackers Actively Exploiting Critical Vulnerability in Post SMTP Plugin
On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password...
WordPress Post SMTP plugin Unauthorized Access to Data Vulnerability
WordPress Post SMTP plugin is a tool for solving WordPress website email sending problems, which realizes email sending through SMTP protocol and avoids emails that can't be sent or marked as spam due to server limitations. WordPress Post SMTP plugin suffers from an unauthorized access to data...
WordPress Post SMTP plugin <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability
Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability discovered by netranger in WordPress Plugin Post SMTP versions = 3.6.0...
400,000 WordPress Sites Affected by Account Takeover Vulnerability in Post SMTP WordPress Plugin
On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password...
CVE-2025-11833
The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...
EUVD-2025-37413
The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...
CVE-2025-11833
The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...
CVE-2025-11833 Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure
The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...
CVE-2025-11833
CVE-2025-11833 affects the WordPress Post SMTP plugin up to and including version 3.6.0, due to a missing capability check in the __construct function. This unauthenticated issue lets attackers read arbitrary logged emails (including password reset emails), enabling potential account takeover and...
CVE-2025-11833 Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure
The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...
VulnCheck KEV: CVE-2025-11833
The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...
PT-2025-44700
Name of the Vulnerable Software and Affected Versions Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App versions prior to 3.6.1 Description The Post SMTP plugin for WordPress has a flaw due to a missing capability check within the construct function. This allows...
EUVD-2023-58843
Malicious code in bioql PyPI...
EUVD-2023-43860
Malicious code in bioql PyPI...
EUVD-2023-58844
Malicious code in bioql PyPI...
EUVD-2023-58229
Malicious code in bioql PyPI...
EUVD-2023-56906
Malicious code in bioql PyPI...