Wpexperts Post_smtp

19 CVEs affecting Wpexperts Post_smtp. Latest disclosed: 2025-03-08. Critical: 1, High: 10.

Top CVEs affecting Wpexperts Post_smtp
CVESeverityScorePublishedSummary
CVE-2023-6875Critical9.82024-01-11The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of…
CVE-2023-3179High8.82023-07-17The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users w…
CVE-2023-52233High8.62024-06-11Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6.
CVE-2024-52436High7.62024-11-18Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal Post SMTP post-smtp allows Blind SQL Injection…
CVE-2025-0521High7.22025-02-18The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, 3.0.2…
CVE-2024-5207High7.22024-05-30The POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQ…
CVE-2023-6620High7.22024-01-15The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a S…
CVE-2023-7027High7.22024-01-03The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scrip…
CVE-2023-3082High7.22023-07-12The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient…
CVE-2022-2352High7.22022-09-26The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users su…
CVE-2024-29128High7.12024-03-19Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post SMTP POST SMTP allows Reflected XSS.This issue affec…
CVE-2023-6621Medium6.12024-01-03The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-…
CVE-2023-6629Medium6.12024-01-03The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Sc…
CVE-2023-5958Medium6.12023-11-27The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attac…
CVE-2024-13844Medium4.92025-03-08The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insuff…
CVE-2022-2351Medium4.82022-09-16The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high…
CVE-2025-22800Medium4.32025-01-13Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect…
CVE-2023-3178Medium4.32024-01-16The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users w…
CVE-2021-4422Medium4.32023-07-12The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incor…