19 matches found
CVE-2023-6875
WordPress POST SMTP Mailer plugin (
CVE-2023-7027
The CVE-2023-7027 vulnerability affects the WordPress Post SMTP Mailer plugin (WPExperts) for WordPress, with all versions up to 2.8.7 vulnerable to Stored Cross-Site Scripting via the device header due to insufficient input sanitization and output escaping. This permits unauthenticated attackers...
CVE-2023-3082
The CVE-2023-3082 entry relates to the WordPress Post SMTP plugin (versions up to and including 2.5.7). The root cause is insufficient input sanitization and output escaping in email contents, enabling Stored Cross-Site Scripting (XSS). The impact is unauthenticated attackers can inject arbitrary...
CVE-2023-52233
The CVE-2023-52233 entry concerns the WordPress plugin Post SMTP Mailer/Email Log (versions n/a–2.8.6). The authenticated note in Patchstack indicates a Missing Authorization/ Broken Access Control on the API, exploitable by an unauthenticated actor. Affects the plugin’s API surface, allowing una...
CVE-2022-2352
CVE-2022-2352 affects the WordPress Post SMTP Mailer/Email Log plugin prior to 2.1.7. The issue is lack of proper authorization in certain AJAX actions, enabling high-privilege users (e.g., admins) to perform blind SSRF on multisite installations. Remediation is to update to version 2.1.7 or late...
CVE-2023-6629
The CVE-2023-6629 entry concerns the WordPress plugin Post SMTP Mailer (Post SMTP) – Email Log/Delivery Failure Notifications. It describes a Reflected Cross-Site Scripting (XSS) vulnerability via the msg parameter in all versions up to 2.8.6 due to insufficient input sanitization and output esca...
CVE-2021-4422
The CVE-2021-4422 entry concerns the WordPress POST SMTP Mailer plugin (
CVE-2022-2351
The CVE-2022-2351 entry applies to the WordPress Post SMTP Mailer/Email Log plugin (versions before 2.1.4). The root cause is failure to escape certain settings before output in the admin dashboard, enabling stored Cross-Site Scripting by high-privilege users even when unfiltered_html is disallow...
CVE-2025-0521
CVE-2025-0521 (Post SMTP – WordPress) The WordPress Post SMTP plugin is vulnerable to stored XSS via the from and subject parameters in all versions up to 3.0.2 due to insufficient input sanitization and output escaping. The issue is exploitable by unauthenticated attackers, who can inject web sc...
CVE-2024-29128
The CVE-2024-29128 entry concerns the WordPress Post SMTP Mailer plugin. Affected software: Post SMTP plugin versions n/a through 2.8.6. Root cause: Improper neutralization of input during web page generation, yielding Reflected Cross‑Site Scripting (XSS). Impact: unauthenticated attackers could ...
CVE-2024-5207
CVE-2024-5207 : Time-based SQL Injection in Post SMTP – WordPress SMTP Plugin (
CVE-2023-3178
CVE-2023-3178 affects the WordPress plugin Post SMTP Mailer prior to version 2.5.7. The vulnerability is due to improper CSRF checks in certain AJAX actions, which could allow an attacker to leverage a logged-in user with the manage_postman_smtp capability to delete arbitrary logs via CSRF. Affec...
CVE-2023-5958
The CVE-2023-5958 entry concerns the WordPress Post SMTP Mailer plugin. Affected versions are prior to 2.7.1, where email message content is not escaped before being displayed in the backend. This allows an unauthenticated attacker to trigger cross-site scripting (XSS) attacks against highly priv...
CVE-2024-52436
CVE-2024-52436 maps to a SQL Injection in the WordPress Post SMTP plugin, specifically versions n/a through 2.9.9. The root cause is improper neutralization of special elements in an SQL command, enabling Blind SQL Injection. Multiple sources (Patchstack, RH, NVD, CVE lists) corroborate the impac...
CVE-2023-6620
The CVE-2023-6620 entry concerns the WordPress Post SMTP Mailer plugin (versions before 2.8.7). Multiple connected sources confirm a SQL injection vulnerability arising from improper sanitization/escaping of parameters used in SQL statements, exploitable by high-privilege users (e.g., admins). CV...
CVE-2023-3179
CVE-2023-3179 affects the WordPress Post SMTP Mailer plugin prior to version 2.5.7. The vulnerability is a CSRF flaw in certain AJAX actions that can let an attacker trigger a logged-in user with the manage_postman_smtp capability to resend an email to any address, potentially enabling account ta...
CVE-2024-13844
The CVE-2024-13844 entry concerns Post SMTP for WordPress. It describes an SQL Injection via the columns parameter in versions up to 3.1.2, exploitable by an authenticated Administrator+ user to append additional SQL and extract sensitive data. Wordfence notes this CVE as patched in the related v...
CVE-2023-6621
The CVE-2023-6621 entry applies to the WordPress Post SMTP plugin (versions before 2.8.7). Root cause: the msg parameter is not sanitized/escaped before echoing back on the page, causing a Reflected Cross-Site Scripting vulnerability. Impact: could affect high-privilege users such as admins; CVSS...
CVE-2025-22800
CVE-2025-22800 affects the WordPress Post SMTP plugin (versions 2.9.11 and earlier). The issue is described as a Missing Authorization vulnerability caused by incorrectly configured access control security levels, enabling unauthorized access with high impact to confidentiality, integrity, and av...