Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wpexperts post smtp mailer vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-5958
The POST SMTP Mailer WordPress plugin prior to 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated malicious user to perform XSS attacks against highly privileged users.
Wpexperts Post Smtp Mailer
9.8
CVSSv3
CVE-2023-6875
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, ...
Wpexperts Post Smtp Mailer
2 Github repositories
8.8
CVSSv3
CVE-2023-3179
The POST SMTP Mailer WordPress plugin prior to 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow malicious users to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset emai...
Wpexperts Post Smtp Mailer
6.1
CVSSv3
CVE-2023-3082
The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users to inject arbitrary we...
Wpexperts Post Smtp Mailer
4.3
CVSSv3
CVE-2021-4422
The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport() function. This makes it possible for unauthenticated malicious users to tr...
Wpexperts Post Smtp Mailer
1 Article
7.2
CVSSv3
CVE-2023-6620
The POST SMTP Mailer WordPress plugin prior to 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin.
Wpexperts Post Smtp Mailer
5.4
CVSSv3
CVE-2023-7027
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sani...
Wpexperts Post Smtp
7.2
CVSSv3
CVE-2022-2352
The Post SMTP Mailer/Email Log WordPress plugin prior to 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.
Wpexperts Post Smtp
4.3
CVSSv3
CVE-2023-3178
The POST SMTP Mailer WordPress plugin prior to 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow malicious users to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.
Wpexperts Post Smtp
4.8
CVSSv3
CVE-2022-2351
The Post SMTP Mailer/Email Log WordPress plugin prior to 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability i...
Wpexperts Post Smtp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »