CVE-2025-9219

The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatepostsmtpprooptioncallback'...

CVE-2025-9219 Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update

The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatepostsmtpprooptioncallback'...

CVE-2025-9219

CVE-2025-9219 affects Post SMTP – WP SMTP Plugin for WordPress. A missing capability check in the function update_post_smtp_pro_option_callback allows authenticated attackers with Subscriber-level access or higher to modify data and enable pro extensions. Affected versions are up to and including...

PT-2025-35705

Name of the Vulnerable Software and Affected Versions: Post SMTP – WP SMTP Plugin versions up to and including 3.4.1 Description: The Post SMTP – WP SMTP Plugin for WordPress is susceptible to unauthorized data modification due to a missing capability check within the update post smtp pro option...