Post SMTP
by WordPress
Source repositories
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-5958 | 0.00 | — | 0.01 | Nov 27, 2023 | The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users. | |||
| CVE-2023-3179 | 0.00 | — | 0.00 | Jul 17, 2023 | The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could… | |||
| CVE-2017-18603 | 0.00 | — | 0.01 | Sep 10, 2019 | The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter. |
- CVE-2023-5958Nov 27, 2023risk 0.00cvss —epss 0.01
The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.
- CVE-2023-3179Jul 17, 2023risk 0.00cvss —epss 0.00
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could…
- CVE-2017-18603Sep 10, 2019risk 0.00cvss —epss 0.01
The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter.
Page 2 of 2