Wpexperts Post_smtp
19 CVEs affecting Wpexperts Post_smtp. Latest disclosed: 2025-03-08. Critical: 1, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-6875 | Critical | 9.8 | 2024-01-11 | The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of… |
CVE-2023-3179 | High | 8.8 | 2023-07-17 | The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users w… |
CVE-2023-52233 | High | 8.6 | 2024-06-11 | Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6. |
CVE-2024-52436 | High | 7.6 | 2024-11-18 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal Post SMTP post-smtp allows Blind SQL Injection… |
CVE-2025-0521 | High | 7.2 | 2025-02-18 | The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, 3.0.2… |
CVE-2024-5207 | High | 7.2 | 2024-05-30 | The POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQ… |
CVE-2023-6620 | High | 7.2 | 2024-01-15 | The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a S… |
CVE-2023-7027 | High | 7.2 | 2024-01-03 | The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scrip… |
CVE-2023-3082 | High | 7.2 | 2023-07-12 | The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient… |
CVE-2022-2352 | High | 7.2 | 2022-09-26 | The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users su… |
CVE-2024-29128 | High | 7.1 | 2024-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post SMTP POST SMTP allows Reflected XSS.This issue affec… |
CVE-2023-6621 | Medium | 6.1 | 2024-01-03 | The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-… |
CVE-2023-6629 | Medium | 6.1 | 2024-01-03 | The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Sc… |
CVE-2023-5958 | Medium | 6.1 | 2023-11-27 | The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attac… |
CVE-2024-13844 | Medium | 4.9 | 2025-03-08 | The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insuff… |
CVE-2022-2351 | Medium | 4.8 | 2022-09-16 | The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high… |
CVE-2025-22800 | Medium | 4.3 | 2025-01-13 | Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect… |
CVE-2023-3178 | Medium | 4.3 | 2024-01-16 | The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users w… |
CVE-2021-4422 | Medium | 4.3 | 2023-07-12 | The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incor… |