Every CVE whose affected-product data names Wpexperts Post Smtp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2023-6875 — CVSS 9.8 (critical): The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to…
CVE-2023-3179 — CVSS 8.8 (high): The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to…
CVE-2023-52233 — CVSS 8.6 (high): Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through…
CVE-2024-52436 — CVSS 7.6 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal Post SMTP post-smtp allows…
CVE-2023-6620 — CVSS 7.2 (high): The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL…
CVE-2024-5207 — CVSS 7.2 (high): The POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is…
CVE-2025-0521 — CVSS 7.2 (high): The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to…
CVE-2022-2352 — CVSS 7.2 (high): The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow…
CVE-2023-3082 — CVSS 7.2 (high): The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7…
CVE-2023-7027 — CVSS 7.2 (high): The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to…
CVE-2024-29128 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post SMTP POST SMTP allows Reflected…
CVE-2023-6629 — CVSS 6.1 (medium): The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to…
CVE-2023-5958 — CVSS 6.1 (medium): The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an…
CVE-2023-6621 — CVSS 6.1 (medium): The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading…
CVE-2024-13844 — CVSS 4.9 (medium): The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and…
CVE-2022-2351 — CVSS 4.8 (medium): The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins…
CVE-2025-22800 — CVSS 4.3 (medium): Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security…
CVE-2023-3178 — CVSS 4.3 (medium): The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to…
CVE-2021-4422 — CVSS 4.3 (medium): The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due…