cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5207,https://securityvulnerability.io/vulnerability/CVE-2024-5207,WordPress SMTP Plugin Vulnerable to SQL Injection,"The POST SMTP Plugin for WordPress is susceptible to a time-based SQL Injection vulnerability. This issue arises from insufficient escaping of user-supplied parameters and inadequate query preparation in versions prior to 2.9.3. As a result, authenticated users with administrative permissions may exploit this flaw to insert harmful SQL queries into existing commands, potentially allowing them to extract sensitive information from the database. Proper security measures and updates are critical to safeguard against this vulnerability.",Wordpress,Post Smtp – The WordPress Smtp Plugin With Email Logs And Mobile App For Email Failure Notifications,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-30T05:33:15.366Z,0
CVE-2023-3178,https://securityvulnerability.io/vulnerability/CVE-2023-3178,POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF,"The POST SMTP Mailer plugin for WordPress, prior to version 2.5.7, contains a vulnerability where it lacks proper Cross-Site Request Forgery (CSRF) checks for certain AJAX actions. This flaw could lead to an attacker exploiting the plugin by tricking authenticated users who possess the manage_postman_smtp capability into unintentionally executing actions that result in the deletion of arbitrary logs. This unauthorized access poses significant risks to the integrity of user data and overall site security.",Wordpress,POST SMTP Mailer,4.3,MEDIUM,0.000539999979082495,false,,false,false,true,true,false,false,2024-01-16T15:55:29.719Z,0
CVE-2023-6620,https://securityvulnerability.io/vulnerability/CVE-2023-6620,Post SMTP < 2.8.7 - Admin+ SQL Injection,"The POST SMTP Mailer WordPress plugin exhibits a vulnerability due to inadequate sanitization and escaping of various parameters utilized within SQL statements. This flaw can be exploited by users with elevated privileges, such as those with admin access, potentially allowing them to execute unauthorized SQL queries. Proper measures should be taken to ensure that the plugin is updated to version 2.8.7 or later to mitigate this risk.",Wordpress,POST SMTP Mailer,7.2,HIGH,0.0008399999933317304,false,,false,false,true,true,false,false,2024-01-15T15:10:41.386Z,0
CVE-2023-6875,https://securityvulnerability.io/vulnerability/CVE-2023-6875,Unauthorized Access to Data and Modification of Data in POST SMTP Mailer Plugin,"The POST SMTP Mailer plugin for WordPress is vulnerable due to a type juggling issue present on the connect-app REST endpoint in all versions up to and including 2.8.7. This vulnerability enables unauthenticated attackers to gain unauthorized access to sensitive data and make modifications. Specifically, attackers can exploit this vulnerability to reset the API key used for authenticating the mailer, gaining the ability to view logs that may contain sensitive information, such as password reset emails. This poses a significant risk of site takeover, as the leaked credentials could be used to compromise the security of affected WordPress installations.",Wordpress,POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications,9.8,CRITICAL,0.8679400086402893,false,,false,false,true,true,false,false,2024-01-11T08:33:06.214Z,0
CVE-2023-6621,https://securityvulnerability.io/vulnerability/CVE-2023-6621,Post SMTP < 2.8.7 - Reflected Cross-Site Scripting,"The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",Wordpress,POST SMTP,6.1,MEDIUM,0.000539999979082495,false,,false,false,true,true,false,false,2024-01-03T09:15:00.000Z,0
CVE-2023-7027,https://securityvulnerability.io/vulnerability/CVE-2023-7027,Stored Cross-Site Scripting in POST SMTP Mailer Plugin for WordPress,"The POST SMTP Mailer plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'device' header. This issue arises from inadequate input sanitization and output escaping, allowing attackers to inject arbitrary web scripts. These scripts can execute whenever a user accesses a page where the malicious input has been injected, potentially compromising user security and integrity.",Wordpress,POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications,5.4,MEDIUM,0.002630000002682209,false,,false,false,false,,false,false,2024-01-03T05:15:00.000Z,0
CVE-2023-6629,https://securityvulnerability.io/vulnerability/CVE-2023-6629,Reflected Cross-Site Scripting in POST SMTP Mailer Plugin for WordPress,"A reflected cross-site scripting vulnerability exists in the POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP plugin for WordPress. This vulnerability arises from inadequate input sanitization and output escaping associated with the 'msg' parameter. Attackers can exploit this flaw to inject arbitrary web scripts into pages, which execute if an unsuspecting user is lured into clicking a malicious link. This poses significant security concerns for WordPress sites using this plugin, allowing unauthorized script execution without proper user authentication.",Wordpress,POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications,6.1,MEDIUM,0.0007099999929778278,false,,false,false,false,,false,false,2024-01-03T05:15:00.000Z,0
CVE-2023-5958,https://securityvulnerability.io/vulnerability/CVE-2023-5958,POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting,"The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.",Wordpress,POST SMTP Mailer,6.1,MEDIUM,0.0011500000255182385,false,,false,false,false,,false,false,2023-11-27T17:15:00.000Z,0
CVE-2023-3179,https://securityvulnerability.io/vulnerability/CVE-2023-3179,POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF,"The POST SMTP Mailer Plugin for WordPress, specifically versions before 2.5.7, is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw arises due to inadequate CSRF checks in certain AJAX actions. As a result, attackers can exploit logged-in users who possess the manage_postman_smtp capability to send emails to unauthorized addresses. For instance, this could facilitate the unsolicited retransmission of sensitive emails, including password reset links, to an attacker-controlled email account, potentially leading to unauthorized account access and control.",Wordpress,Post Smtp Mailer,8.8,HIGH,0.0015200000489130616,false,,false,false,false,,false,false,2023-07-17T14:15:00.000Z,0
CVE-2021-4422,https://securityvulnerability.io/vulnerability/CVE-2021-4422,Cross-Site Request Forgery in POST SMTP Mailer Plugin for WordPress,"The POST SMTP Mailer plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation on the handleCsvExport() function. This vulnerability allows unauthenticated attackers to potentially trigger a CSV export by crafting a malicious request, deceiving an administrator into executing it through social engineering tactics such as enticing them to click a link.",Wordpress,"Post Smtp Mailer – Email Log, Delivery Failure Notifications And Best Mail Smtp For WordPress",4.3,MEDIUM,0.001449999981559813,false,,false,false,false,,false,false,2023-07-12T06:52:35.453Z,0
CVE-2023-3082,https://securityvulnerability.io/vulnerability/CVE-2023-3082,Stored Cross-Site Scripting Vulnerability in Post SMTP Plugin for WordPress,"The Post SMTP plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) due to inadequate input validation and output encoding. This vulnerability allows unauthenticated attackers to embed malicious scripts within email content, which can be executed when other users view an affected page. As a result, it poses a significant risk to users by compromising their session, potentially revealing sensitive data or allowing for further exploitation of the site.",Wordpress,"POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress",6.1,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2023-07-12T05:15:00.000Z,0
CVE-2022-2352,https://securityvulnerability.io/vulnerability/CVE-2022-2352,Post SMTP < 2.1.7 - Admin+ Blind SSRF,"The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example.",Wordpress,Post Smtp Mailer/email Log,7.2,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2022-09-26T12:35:32.000Z,0
CVE-2022-2351,https://securityvulnerability.io/vulnerability/CVE-2022-2351,Post SMTP < 2.1.4 - Admin+ Stored Cross-Site Scripting,"The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.",Wordpress,Post Smtp Mailer/email Log,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-09-16T08:40:27.000Z,0