Lucene search
K
WpexpertsPost Smtp

19 matches found

CVE
CVE
added 2024/01/11 8:33 a.m.210 views

CVE-2023-6875

WordPress POST SMTP Mailer plugin (

9.8CVSS7.2AI score0.90339EPSS
In wildWeb
CVE
CVE
added 2024/01/03 4:29 a.m.131 views

CVE-2023-7027

The CVE-2023-7027 vulnerability affects the WordPress Post SMTP Mailer plugin (WPExperts) for WordPress, with all versions up to 2.8.7 vulnerable to Stored Cross-Site Scripting via the device header due to insufficient input sanitization and output escaping. This permits unauthenticated attackers...

7.2CVSS6.6AI score0.00941EPSS
CVE
CVE
added 2023/07/12 4:38 a.m.107 views

CVE-2023-3082

The CVE-2023-3082 entry relates to the WordPress Post SMTP plugin (versions up to and including 2.5.7). The root cause is insufficient input sanitization and output escaping in email contents, enabling Stored Cross-Site Scripting (XSS). The impact is unauthenticated attackers can inject arbitrary...

7.2CVSS5.9AI score0.00496EPSS
CVE
CVE
added 2024/06/11 4:5 p.m.92 views

CVE-2023-52233

The CVE-2023-52233 entry concerns the WordPress plugin Post SMTP Mailer/Email Log (versions n/a–2.8.6). The authenticated note in Patchstack indicates a Missing Authorization/ Broken Access Control on the API, exploitable by an unauthenticated actor. Affects the plugin’s API surface, allowing una...

9.8CVSS9.1AI score0.00367EPSS
CVE
CVE
added 2022/09/26 12:35 p.m.87 views

CVE-2022-2352

CVE-2022-2352 affects the WordPress Post SMTP Mailer/Email Log plugin prior to 2.1.7. The issue is lack of proper authorization in certain AJAX actions, enabling high-privilege users (e.g., admins) to perform blind SSRF on multisite installations. Remediation is to update to version 2.1.7 or late...

7.2CVSS6.8AI score0.01039EPSS
Web
CVE
CVE
added 2024/01/03 4:29 a.m.87 views

CVE-2023-6629

The CVE-2023-6629 entry concerns the WordPress plugin Post SMTP Mailer (Post SMTP) – Email Log/Delivery Failure Notifications. It describes a Reflected Cross-Site Scripting (XSS) vulnerability via the msg parameter in all versions up to 2.8.6 due to insufficient input sanitization and output esca...

6.1CVSS6.8AI score0.00442EPSS
CVE
CVE
added 2023/07/12 6:52 a.m.84 views

CVE-2021-4422

The CVE-2021-4422 entry concerns the WordPress POST SMTP Mailer plugin (

4.3CVSS4.5AI score0.00541EPSS
CVE
CVE
added 2022/09/16 8:40 a.m.80 views

CVE-2022-2351

The CVE-2022-2351 entry applies to the WordPress Post SMTP Mailer/Email Log plugin (versions before 2.1.4). The root cause is failure to escape certain settings before output in the admin dashboard, enabling stored Cross-Site Scripting by high-privilege users even when unfiltered_html is disallow...

4.8CVSS4.8AI score0.00538EPSS
CVE
CVE
added 2025/02/18 11:10 a.m.79 views

CVE-2025-0521

CVE-2025-0521 (Post SMTP – WordPress) The WordPress Post SMTP plugin is vulnerable to stored XSS via the from and subject parameters in all versions up to 3.0.2 due to insufficient input sanitization and output escaping. The issue is exploitable by unauthenticated attackers, who can inject web sc...

7.2CVSS6.1AI score0.003EPSS
CVE
CVE
added 2024/03/19 2:4 p.m.74 views

CVE-2024-29128

The CVE-2024-29128 entry concerns the WordPress Post SMTP Mailer plugin. Affected software: Post SMTP plugin versions n/a through 2.8.6. Root cause: Improper neutralization of input during web page generation, yielding Reflected Cross‑Site Scripting (XSS). Impact: unauthenticated attackers could ...

7.1CVSS5.2AI score0.00382EPSS
CVE
CVE
added 2024/05/30 5:33 a.m.74 views

CVE-2024-5207

CVE-2024-5207 : Time-based SQL Injection in Post SMTP – WordPress SMTP Plugin (

7.2CVSS7.2AI score0.00495EPSS
CVE
CVE
added 2024/01/16 3:55 p.m.70 views

CVE-2023-3178

CVE-2023-3178 affects the WordPress plugin Post SMTP Mailer prior to version 2.5.7. The vulnerability is due to improper CSRF checks in certain AJAX actions, which could allow an attacker to leverage a logged-in user with the manage_postman_smtp capability to delete arbitrary logs via CSRF. Affec...

4.3CVSS4.6AI score0.00266EPSS
Web
CVE
CVE
added 2023/11/27 4:22 p.m.70 views

CVE-2023-5958

The CVE-2023-5958 entry concerns the WordPress Post SMTP Mailer plugin. Affected versions are prior to 2.7.1, where email message content is not escaped before being displayed in the backend. This allows an unauthenticated attacker to trigger cross-site scripting (XSS) attacks against highly priv...

6.1CVSS6AI score0.0051EPSS
Web
CVE
CVE
added 2024/11/18 2:30 p.m.66 views

CVE-2024-52436

CVE-2024-52436 maps to a SQL Injection in the WordPress Post SMTP plugin, specifically versions n/a through 2.9.9. The root cause is improper neutralization of special elements in an SQL command, enabling Blind SQL Injection. Multiple sources (Patchstack, RH, NVD, CVE lists) corroborate the impac...

7.6CVSS7.3AI score0.00456EPSS
CVE
CVE
added 2024/01/15 3:10 p.m.65 views

CVE-2023-6620

The CVE-2023-6620 entry concerns the WordPress Post SMTP Mailer plugin (versions before 2.8.7). Multiple connected sources confirm a SQL injection vulnerability arising from improper sanitization/escaping of parameters used in SQL statements, exploitable by high-privilege users (e.g., admins). CV...

7.2CVSS7.1AI score0.14169EPSS
Web
CVE
CVE
added 2023/07/17 1:29 p.m.64 views

CVE-2023-3179

CVE-2023-3179 affects the WordPress Post SMTP Mailer plugin prior to version 2.5.7. The vulnerability is a CSRF flaw in certain AJAX actions that can let an attacker trigger a logged-in user with the manage_postman_smtp capability to resend an email to any address, potentially enabling account ta...

8.8CVSS8.7AI score0.00386EPSS
Web
CVE
CVE
added 2025/03/08 5:30 a.m.63 views

CVE-2024-13844

The CVE-2024-13844 entry concerns Post SMTP for WordPress. It describes an SQL Injection via the columns parameter in versions up to 3.1.2, exploitable by an authenticated Administrator+ user to append additional SQL and extract sensitive data. Wordfence notes this CVE as patched in the related v...

4.9CVSS5.2AI score0.00368EPSS
CVE
CVE
added 2024/01/03 8:32 a.m.51 views

CVE-2023-6621

The CVE-2023-6621 entry applies to the WordPress Post SMTP plugin (versions before 2.8.7). Root cause: the msg parameter is not sanitized/escaped before echoing back on the page, causing a Reflected Cross-Site Scripting vulnerability. Impact: could affect high-privilege users such as admins; CVSS...

6.1CVSS6AI score0.00401EPSS
Web
CVE
CVE
added 2025/01/13 1:11 p.m.50 views

CVE-2025-22800

CVE-2025-22800 affects the WordPress Post SMTP plugin (versions 2.9.11 and earlier). The issue is described as a Missing Authorization vulnerability caused by incorrectly configured access control security levels, enabling unauthorized access with high impact to confidentiality, integrity, and av...

8.8CVSS7.2AI score0.00371EPSS