241 matches found
WordPress Plugin WPExperts Post SMTP 安全漏洞
WordPress WPExperts Post SMTP plugin is a plugin for optimizing the WordPress email sending process. The main features include custom email services, email logging, DNS authentication and OAuth authorization. An authentication bypass vulnerability exists in the WordPress WPExperts Post SMTP plugi...
The vulnerability of the get_details() function in the POST SMTP plugin of the WordPress content management system allows a hacker to escalate their privileges and disclose sensitive information.
The vulnerability of the getdetails function in the POST SMTP Mailer plugin of the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges and disclose sensitive...
Post SMTP Plugin Flaw Allowed Subscribers to Take Over Admin Accounts
If you're running a WordPress site and rely on the Post SMTP plugin for email delivery, there's something…...
VulnCheck KEV: CVE-2025-24000
Authentication Bypass Using an Alternate Path or Channel vulnerability in Saad Iqbal Post SMTP post-smtp allows Authentication Bypass.This issue affects Post SMTP: from n/a through = 3.2.0...
CVE-2025-22800
Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through = 2.9.11...
CVE-2023-3178
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability delete arbitrary logs via a CSRF attack...
CVE-2023-3179
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability resend an email to an arbitrary address for example a password reset email could be resent to an...
CVE-2023-52233
Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6...
CVE-2023-5958
The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users...
CVE-2023-6629
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. Th...
CVE-2022-2351
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfilteredhtml capability is disallowed...
CVE-2022-2352
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example...
CVE-2021-4422
The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport function. This makes it possible for unauthenticated attackers to trigger a CSV export via a...
PT-2025-11223
Name of the Vulnerable Software and Affected Versions Post SMTP versions prior to 3.3.0 Description A flaw exists in the Post SMTP WordPress plugin due to a broken access control mechanism within its REST API. This allows users with low privileges, such as Subscribers, to access sensitive email...
CVE-2024-13844
The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-13844
The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-13844 Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter
The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-13844
The CVE-2024-13844 entry concerns Post SMTP for WordPress. It describes an SQL Injection via the columns parameter in versions up to 3.1.2, exploitable by an authenticated Administrator+ user to append additional SQL and extract sensitive data. Wordfence notes this CVE as patched in the related v...
CVE-2024-13844 Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter
The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress Post SMTP plugin <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter vulnerability
Authenticated Administrator+ SQL Injection via columns Parameter vulnerability discovered by Nhien Pham nhienit in WordPress Plugin Post SMTP versions = 3.1.2...