Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wpexperts post smtp vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-6621
The POST SMTP WordPress plugin prior to 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Wpexperts Post Smtp
6.1
CVSSv3
CVE-2023-6629
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 2.8.6 due to insufficient input s...
Wpexperts Post Smtp
5.4
CVSSv3
CVE-2023-7027
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sani...
Wpexperts Post Smtp
4.8
CVSSv3
CVE-2022-2351
The Post SMTP Mailer/Email Log WordPress plugin prior to 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability i...
Wpexperts Post Smtp
7.2
CVSSv3
CVE-2022-2352
The Post SMTP Mailer/Email Log WordPress plugin prior to 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.
Wpexperts Post Smtp
4.3
CVSSv3
CVE-2023-3178
The POST SMTP Mailer WordPress plugin prior to 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow malicious users to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.
Wpexperts Post Smtp
7.2
CVSSv3
CVE-2023-6620
The POST SMTP Mailer WordPress plugin prior to 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin.
Wpexperts Post Smtp Mailer
9.8
CVSSv3
CVE-2023-6875
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, ...
Wpexperts Post Smtp Mailer
2 Github repositories
6.1
CVSSv3
CVE-2023-5958
The POST SMTP Mailer WordPress plugin prior to 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated malicious user to perform XSS attacks against highly privileged users.
Wpexperts Post Smtp Mailer
6.1
CVSSv3
CVE-2023-3082
The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users to inject arbitrary we...
Wpexperts Post Smtp Mailer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »