VYPR

Post SMTP

by WordPress

Source repositories

CVEs (23)

  • CVE-2023-5958Nov 27, 2023
    risk 0.00cvss epss 0.01

    The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.

  • CVE-2023-3179Jul 17, 2023
    risk 0.00cvss epss 0.00

    The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could…

  • CVE-2017-18603Sep 10, 2019
    risk 0.00cvss epss 0.01

    The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter.

Page 2 of 2