High severity7.1NVD Advisory· Published Jun 6, 2025· Updated Apr 23, 2026
CVE-2025-28974
CVE-2025-28974
Description
Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through <= 1.0.
Affected products
1- Range: <=1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.