CVE-2025-62762

CVE-2025-62762 describes a CSRF vulnerability in the WordPress plugin SMTP Mail (smtp-mail) affecting versions from earlier up to

EUVD-2025-10793

Malicious code in bioql PyPI...

WordPress SMTP for Amazon SES plugin <= 1.9 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Plugin SMTP for Amazon SES versions = 1.9...

CVE-2023-3092

The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.3.46 due to insufficient input sanitization and output escaping when the 'Save Data SendMail' feature is enabled. This makes it possible for unauthenticated...

CVE-2025-31015

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk mailhawk allows PHP Local File Inclusion.This issue affects WordPress SMTP Service, Email Delivery Solved! ...

CVE-2025-31015

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk mailhawk allows PHP Local File Inclusion.This issue affects WordPress SMTP Service, Email Delivery Solved! ...

CVE-2025-31015 WordPress SMTP Service, Email Delivery Solved! — MailHawk plugin <= 1.3.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk mailhawk allows PHP Local File Inclusion.This issue affects WordPress SMTP Service, Email Delivery Solved! ...

CVE-2025-31015 WordPress SMTP Service, Email Delivery Solved! — MailHawk plugin <= 1.3.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk mailhawk allows PHP Local File Inclusion.This issue affects WordPress SMTP Service, Email Delivery Solved! ...

WordPress SMTP for Amazon SES – YaySMTP plugin <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs vulnerability

Unauthenticated Stored Cross-Site Scripting via Email Logs vulnerability discovered by zer0gh0st in WordPress Plugin SMTP for Amazon SES versions = 1.8...

WordPress SMTP Service, Email Delivery Solved! — MailHawk plugin <= 1.3.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WordPress SMTP Service, Email Delivery Solved! — MailHawk versions = 1.3.1...

WordPress SMTP by BestWebSoft plugin <= 1.1.9 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by Hoang Phuc Vo HrxKnight in WordPress Plugin SMTP by BestWebSoft versions = 1.1.9...

CVE-2024-5207

The POST SMTP – The 1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to insufficient escaping on the user supplied...

CVE-2024-5207

The POST SMTP – The 1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to insufficient escaping on the user supplied...

CVE-2024-1789

The WP SMTP plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in versions 1.2 to 1.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with...

PT-2023-11368 · WordPress · Easy Wp Smtp

Name of the Vulnerable Software and Affected Versions: Easy WP SMTP plugin for WordPress versions up to, and including, 1.3.9 Description: The issue is due to missing capability checks on the admin init function, in addition to insufficient input validation. This allows unauthenticated attackers ...

WordPress SMTP Mailing Queue Plugin <= 1.4.7 is vulnerable to Cross Site Scripting (XSS)

Software SMTP Mailing Queue Type Plugin Vulnerable versions = 1.4.7 Fixed in 2.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 28dbb3603702 Credits WordFence Required privilege...

CVE-2017-7723

XSS exists in Easy WP SMTP before 1.2.5, a WordPress Plugin, via the e-mail subject or body...

VulnCheck KEV: CVE-2019-25141

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admininit function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to...