Lucene search
+L

241 matches found

CNNVD
CNNVD
added 2025/08/07 12:0 a.m.10 views

WordPress Plugin WPExperts Post SMTP 安全漏洞

WordPress WPExperts Post SMTP plugin is a plugin for optimizing the WordPress email sending process. The main features include custom email services, email logging, DNS authentication and OAuth authorization. An authentication bypass vulnerability exists in the WordPress WPExperts Post SMTP plugi...

8.8CVSS6.9AI score0.00566EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/08/04 12:0 a.m.9 views

The vulnerability of the get_details() function in the POST SMTP plugin of the WordPress content management system allows a hacker to escalate their privileges and disclose sensitive information.

The vulnerability of the getdetails function in the POST SMTP Mailer plugin of the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges and disclose sensitive...

9CVSS5.8AI score0.00566EPSS
Exploits1References3Affected Software1
HackRead
HackRead
added 2025/07/28 4:43 p.m.8 views

Post SMTP Plugin Flaw Allowed Subscribers to Take Over Admin Accounts

If you're running a WordPress site and rely on the Post SMTP plugin for email delivery, there's something…...

7.2AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2025/07/24 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-24000

Authentication Bypass Using an Alternate Path or Channel vulnerability in Saad Iqbal Post SMTP post-smtp allows Authentication Bypass.This issue affects Post SMTP: from n/a through = 3.2.0...

5.8AI score0.00566EPSS
In wildExploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 11:59 a.m.12 views

CVE-2025-22800

Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through = 2.9.11...

8.8CVSS7.2AI score0.00377EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:18 a.m.6 views

CVE-2023-3178

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability delete arbitrary logs via a CSRF attack...

4.3CVSS6.5AI score0.00266EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:47 a.m.12 views

CVE-2023-3179

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability resend an email to an arbitrary address for example a password reset email could be resent to an...

8.8CVSS6.9AI score0.00389EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:23 a.m.10 views

CVE-2023-52233

Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6...

9.8CVSS7AI score0.00367EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:39 a.m.9 views

CVE-2023-5958

The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users...

6.1CVSS6AI score0.0051EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:5 a.m.11 views

CVE-2023-6629

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. Th...

6.1CVSS6.9AI score0.00442EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:0 a.m.10 views

CVE-2022-2351

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfilteredhtml capability is disallowed...

4.8CVSS6AI score0.00559EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 p.m.12 views

CVE-2022-2352

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example...

7.2CVSS6.7AI score0.01039EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:50 p.m.9 views

CVE-2021-4422

The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport function. This makes it possible for unauthenticated attackers to trigger a CSV export via a...

4.3CVSS5.9AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/13 12:0 a.m.13 views

PT-2025-11223

Name of the Vulnerable Software and Affected Versions Post SMTP versions prior to 3.3.0 Description A flaw exists in the Post SMTP WordPress plugin due to a broken access control mechanism within its REST API. This allows users with low privileges, such as Subscribers, to access sensitive email...

9CVSS6AI score0.00566EPSS
Exploits1References29
RedhatCVE
RedhatCVE
added 2025/03/10 6:47 a.m.18 views

CVE-2024-13844

The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS7.6AI score0.00368EPSS
Exploits0References1
NVD
NVD
added 2025/03/08 6:15 a.m.33 views

CVE-2024-13844

The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00368EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/08 5:30 a.m.9 views

CVE-2024-13844 Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter

The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS5.3AI score0.00368EPSS
Exploits0References4
CVE
CVE
added 2025/03/08 5:30 a.m.63 views

CVE-2024-13844

The CVE-2024-13844 entry concerns Post SMTP for WordPress. It describes an SQL Injection via the columns parameter in versions up to 3.1.2, exploitable by an authenticated Administrator+ user to append additional SQL and extract sensitive data. Wordfence notes this CVE as patched in the related v...

4.9CVSS5.2AI score0.00368EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/03/08 5:30 a.m.39 views

CVE-2024-13844 Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter

The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00368EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/03/08 3:23 a.m.8 views

WordPress Post SMTP plugin <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter vulnerability

Authenticated Administrator+ SQL Injection via columns Parameter vulnerability discovered by Nhien Pham nhienit in WordPress Plugin Post SMTP versions = 3.1.2...

4.9CVSS8.1AI score0.00368EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder