Lucene search
+L

241 matches found

CVE
CVE
added 2025/12/03 12:29 p.m.18 views

CVE-2025-12887

CVE-2025-12887 concerns the WordPress plugin Post SMTP (Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App) up to version 3.6.1. The vulnerability is an authorization bypass in the handle_gmail_oauth_redirect function, allowing authenticated users wi...

5.4CVSS5.9AI score0.0026EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.7 views

PT-2025-48804

The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handle gmail oauth redirect' function. This makes it possible for...

5.4CVSS5.9AI score0.0026EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.8 views

WordPress plugin Post SMTP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.4CVSS6.3AI score0.0026EPSS
Exploits0References3
Wordfence Blog
Wordfence Blog
added 2025/11/19 5:13 p.m.10 views

Attackers Actively Exploiting Critical Vulnerability in Post SMTP Plugin

On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password...

9.8CVSS6.3AI score0.51507EPSS
Exploits1
CNVD
CNVD
added 2025/11/05 12:0 a.m.9 views

WordPress Post SMTP plugin Unauthorized Access to Data Vulnerability

WordPress Post SMTP plugin is a tool for solving WordPress website email sending problems, which realizes email sending through SMTP protocol and avoids emails that can't be sent or marked as spam due to server limitations. WordPress Post SMTP plugin suffers from an unauthorized access to data...

9.8CVSS7AI score0.51507EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/11/03 9:10 p.m.14 views

WordPress Post SMTP plugin <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability

Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability discovered by netranger in WordPress Plugin Post SMTP versions = 3.6.0...

9.8CVSS7AI score0.51507EPSS
Exploits1References1Affected Software1
Wordfence Blog
Wordfence Blog
added 2025/11/03 5:24 p.m.27 views

400,000 WordPress Sites Affected by Account Takeover Vulnerability in Post SMTP WordPress Plugin

On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password...

9.8CVSS6.4AI score0.51507EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/11/02 3:48 a.m.14 views

CVE-2025-11833

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...

9.8CVSS5.5AI score0.51507EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/01 6:30 a.m.12 views

EUVD-2025-37413

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...

9.8CVSS5.1AI score0.51507EPSS
Exploits1References4
NVD
NVD
added 2025/11/01 4:15 a.m.13 views

CVE-2025-11833

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...

9.8CVSS0.51507EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/01 3:34 a.m.10 views

CVE-2025-11833 Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...

9.8CVSS5.2AI score0.51507EPSS
Exploits1References3
CVE
CVE
added 2025/11/01 3:34 a.m.101 views

CVE-2025-11833

CVE-2025-11833 affects the WordPress Post SMTP plugin up to and including version 3.6.0, due to a missing capability check in the __construct function. This unauthenticated issue lets attackers read arbitrary logged emails (including password reset emails), enabling potential account takeover and...

9.8CVSS5.2AI score0.51507EPSS
In wildExploits1References3
Cvelist
Cvelist
added 2025/11/01 3:34 a.m.17 views

CVE-2025-11833 Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...

9.8CVSS0.51507EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2025/11/01 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-11833

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...

9.8CVSS5.9AI score0.51507EPSS
In wildExploits1References5
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.10 views

PT-2025-44700

Name of the Vulnerable Software and Affected Versions Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App versions prior to 3.6.1 Description The Post SMTP plugin for WordPress has a flaw due to a missing capability check within the construct function. This allows...

9.8CVSS6.7AI score0.51507EPSS
Exploits1References26
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-58843

Malicious code in bioql PyPI...

7.2CVSS6.9AI score0.14169EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-43860

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00386EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-58844

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00401EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-58229

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.0051EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-56906

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00367EPSS
Exploits0References1
Rows per page
Query Builder