Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wpexperts post smtp mailer vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3082
The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users to inject arbitrary we...
Wpexperts Post Smtp Mailer
NA
CVE-2023-5958
The POST SMTP Mailer WordPress plugin prior to 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated malicious user to perform XSS attacks against highly privileged users.
Wpexperts Post Smtp Mailer
NA
CVE-2023-6875
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, ...
Wpexperts Post Smtp Mailer
2 Github repositories
NA
CVE-2023-6620
The POST SMTP Mailer WordPress plugin prior to 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin.
Wpexperts Post Smtp Mailer
NA
CVE-2023-3179
The POST SMTP Mailer WordPress plugin prior to 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow malicious users to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset emai...
Wpexperts Post Smtp Mailer
NA
CVE-2021-4422
The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport() function. This makes it possible for unauthenticated malicious users to tr...
Wpexperts Post Smtp Mailer
1 Article
NA
CVE-2023-7027
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sani...
Wpexperts Post Smtp
NA
CVE-2022-2352
The Post SMTP Mailer/Email Log WordPress plugin prior to 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.
Wpexperts Post Smtp
NA
CVE-2023-3178
The POST SMTP Mailer WordPress plugin prior to 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow malicious users to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.
Wpexperts Post Smtp
NA
CVE-2022-2351
The Post SMTP Mailer/Email Log WordPress plugin prior to 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability i...
Wpexperts Post Smtp
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »