Wpexperts

Post Smtp

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2024-13844

  • EPSS 0.07%
  • Veröffentlicht 08.03.2025 06:15:36
  • Zuletzt bearbeitet 13.03.2025 13:10:31

The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ex...

6.1

CVE-2025-0521

  • EPSS 0.21%
  • Veröffentlicht 18.02.2025 11:15:12
  • Zuletzt bearbeitet 21.02.2025 12:16:09

The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unau...

8.8

CVE-2025-22800

  • EPSS 0.12%
  • Veröffentlicht 13.01.2025 14:15:13
  • Zuletzt bearbeitet 04.06.2025 14:37:20

Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through 2.9.11.

7.2

CVE-2024-52436

  • EPSS 0.23%
  • Veröffentlicht 18.11.2024 15:15:08
  • Zuletzt bearbeitet 20.11.2024 15:24:35

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Post SMTP allows Blind SQL Injection.This issue affects Post SMTP: from n/a through 2.9.9.

9.8

CVE-2023-52233

  • EPSS 0.12%
  • Veröffentlicht 11.06.2024 16:15:16
  • Zuletzt bearbeitet 04.06.2025 15:05:06

Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6.

7.2

CVE-2024-5207

  • EPSS 0.78%
  • Veröffentlicht 30.05.2024 06:15:09
  • Zuletzt bearbeitet 05.06.2025 20:49:19

The POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to i...

6.1

CVE-2024-29128

  • EPSS 0.07%
  • Veröffentlicht 19.03.2024 14:15:08
  • Zuletzt bearbeitet 27.02.2025 03:34:34

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post SMTP POST SMTP allows Reflected XSS.This issue affects POST SMTP: from n/a through 2.8.6.

4.3

CVE-2023-3178

Exploit
  • EPSS 0.16%
  • Veröffentlicht 16.01.2024 16:15:11
  • Zuletzt bearbeitet 02.06.2025 16:15:24

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.

7.2

CVE-2023-6620

Exploit
  • EPSS 1.66%
  • Veröffentlicht 15.01.2024 16:15:12
  • Zuletzt bearbeitet 04.06.2025 15:05:06

The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin.

9.8

CVE-2023-6875

  • EPSS 93.82%
  • Veröffentlicht 11.01.2024 09:15:52
  • Zuletzt bearbeitet 04.06.2025 15:05:06

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint...