Lucene search
K

101 matches found

Positive Technologies
Positive Technologies
β€’added 2026/03/18 12:0 a.m.β€’14 views

PT-2026-26072

The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the β€˜event type’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...

7.2CVSS6AI score0.00229EPSS
Exploits0References5
Vulnrichment
Vulnrichment
β€’added 2026/01/21 5:32 p.m.β€’3 views

CVE-2021-47870 GetSimple CMS My SMTP Contact Plugin 1.1.2 - Stored XSS

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting XSS vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

4.8CVSS5.8AI score0.00229EPSS
Exploits1References5
Vulnrichment
Vulnrichment
β€’added 2026/01/21 5:29 p.m.β€’3 views

CVE-2021-47778 GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

8.6CVSS6.7AI score0.0109EPSS
Exploits1References5
Cvelist
Cvelist
β€’added 2026/01/21 5:27 p.m.β€’16 views

CVE-2021-47830 GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

5.1CVSS0.00349EPSS
Exploits1References5
Vulnrichment
Vulnrichment
β€’added 2026/01/21 5:27 p.m.β€’3 views

CVE-2021-47830 GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

5.1CVSS5.8AI score0.00349EPSS
Exploits1References5
RedhatCVE
RedhatCVE
β€’added 2026/01/09 10:34 a.m.β€’9 views

CVE-2017-18518

The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.01621EPSS
Exploits1References1
RedhatCVE
RedhatCVE
β€’added 2026/01/09 10:32 a.m.β€’9 views

CVE-2017-18603

The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postmanemaillog page parameter...

6.1CVSS6AI score0.01011EPSS
Exploits1References1
Vulnrichment
Vulnrichment
β€’added 2025/12/31 4:26 p.m.β€’3 views

CVE-2025-62123 WordPress WP Gmail SMTP plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Ink themes WP Gmail SMTP allows Cross Site Request Forgery.This issue affects WP Gmail SMTP: from n/a through 1.0.7...

4.3CVSS6.5AI score0.00124EPSS
Exploits0References1
Patchstack
Patchstack
β€’added 2025/12/07 4:11 a.m.β€’8 views

WordPress Post SMTP plugin <= 3.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Post SMTP versions = 3.6.1...

5.3CVSS7AI score0.00276EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
β€’added 2025/12/03 12:0 a.m.β€’6 views

PT-2025-48804

The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handle gmail oauth redirect' function. This makes it possible for...

5.4CVSS5.9AI score0.0026EPSS
Exploits0References3
Patchstack
Patchstack
β€’added 2025/11/03 9:10 p.m.β€’13 views

WordPress Post SMTP plugin <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability

Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability discovered by netranger in WordPress Plugin Post SMTP versions = 3.6.0...

9.8CVSS7AI score0.51507EPSS
Exploits1References1Affected Software1
Wordfence Blog
Wordfence Blog
β€’added 2025/11/03 5:24 p.m.β€’25 views

400,000 WordPress Sites Affected by Account Takeover Vulnerability in Post SMTP WordPress Plugin

On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password...

9.8CVSS6.4AI score0.51507EPSS
Exploits1
RedhatCVE
RedhatCVE
β€’added 2025/11/02 3:48 a.m.β€’14 views

CVE-2025-11833

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...

9.8CVSS5.5AI score0.51507EPSS
Exploits1References1
NVD
NVD
β€’added 2025/11/01 4:15 a.m.β€’12 views

CVE-2025-11833

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...

9.8CVSS0.51507EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
β€’added 2025/11/01 12:0 a.m.β€’7 views

VulnCheck KEV: CVE-2025-11833

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...

9.8CVSS5.9AI score0.51507EPSS
In wildExploits1References5
Cvelist
Cvelist
β€’added 2025/10/22 2:32 p.m.β€’24 views

CVE-2025-53232 WordPress WP Gmail SMTP plugin <= 1.0.7 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in inkthemes WP Gmail SMTP wp-gmail-smtp allows Retrieve Embedded Sensitive Data.This issue affects WP Gmail SMTP: from n/a through = 1.0.7...

5.8CVSS0.00271EPSS
Exploits0References1
Patchstack
Patchstack
β€’added 2025/10/10 6:41 a.m.β€’6 views

WordPress WP Gmail SMTP plugin <= 1.0.7 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Plugin WP Gmail SMTP versions = 1.0.7...

5.8CVSS6.8AI score0.00271EPSS
Exploits0Affected Software1
EUVD
EUVD
β€’added 2025/10/07 12:30 a.m.β€’6 views

EUVD-2017-9634

Malware in sbrugna...

6.1CVSS6.2AI score0.01621EPSS
Exploits1References2
EUVD
EUVD
β€’added 2025/10/03 8:7 p.m.β€’6 views

EUVD-2022-48683

Malicious code in bioql PyPI...

8.7CVSS8AI score0.00839EPSS
Exploits0References1
EUVD
EUVD
β€’added 2025/10/03 8:7 p.m.β€’8 views

EUVD-2023-58844

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00401EPSS
Exploits2References1
Rows per page
Query Builder