CVE-2026-3090

The CVE-2026-3090 entry describes a Stored Cross-Site Scripting vulnerability in the Post SMTP WordPress plugin (versions up to 3.8.0). The issue is triggered by the event_type parameter and arises from insufficient input sanitization and output escaping. Exploitation requires unauthenticated acc...

PT-2026-26072

The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘event type’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...