Wpexperts

Post Smtp

19 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2024-13844

  • EPSS 0.07%
  • Published 08.03.2025 06:15:36
  • Last modified 13.03.2025 13:10:31

The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ex...

6.1

CVE-2025-0521

  • EPSS 0.21%
  • Published 18.02.2025 11:15:12
  • Last modified 21.02.2025 12:16:09

The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unau...

8.8

CVE-2025-22800

  • EPSS 0.12%
  • Published 13.01.2025 14:15:13
  • Last modified 04.06.2025 14:37:20

Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through 2.9.11.

7.2

CVE-2024-52436

  • EPSS 0.23%
  • Published 18.11.2024 15:15:08
  • Last modified 20.11.2024 15:24:35

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Post SMTP allows Blind SQL Injection.This issue affects Post SMTP: from n/a through 2.9.9.

9.8

CVE-2023-52233

  • EPSS 0.12%
  • Published 11.06.2024 16:15:16
  • Last modified 04.06.2025 15:05:06

Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6.

7.2

CVE-2024-5207

  • EPSS 0.78%
  • Published 30.05.2024 06:15:09
  • Last modified 05.06.2025 20:49:19

The POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to i...

6.1

CVE-2024-29128

  • EPSS 0.07%
  • Published 19.03.2024 14:15:08
  • Last modified 27.02.2025 03:34:34

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post SMTP POST SMTP allows Reflected XSS.This issue affects POST SMTP: from n/a through 2.8.6.

4.3

CVE-2023-3178

Exploit
  • EPSS 0.16%
  • Published 16.01.2024 16:15:11
  • Last modified 02.06.2025 16:15:24

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.

7.2

CVE-2023-6620

Exploit
  • EPSS 1.66%
  • Published 15.01.2024 16:15:12
  • Last modified 04.06.2025 15:05:06

The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin.

9.8

CVE-2023-6875

  • EPSS 93.82%
  • Published 11.01.2024 09:15:52
  • Last modified 04.06.2025 15:05:06

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint...