cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-3178,https://securityvulnerability.io/vulnerability/CVE-2023-3178,POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF,"The POST SMTP Mailer plugin for WordPress, prior to version 2.5.7, contains a vulnerability where it lacks proper Cross-Site Request Forgery (CSRF) checks for certain AJAX actions. This flaw could lead to an attacker exploiting the plugin by tricking authenticated users who possess the manage_postman_smtp capability into unintentionally executing actions that result in the deletion of arbitrary logs. This unauthorized access poses significant risks to the integrity of user data and overall site security.",Wordpress,POST SMTP Mailer,4.3,MEDIUM,0.000539999979082495,false,,false,false,true,2024-01-16T15:55:29.000Z,true,false,false,,2024-01-16T15:55:29.719Z,0
CVE-2023-6620,https://securityvulnerability.io/vulnerability/CVE-2023-6620,Post SMTP < 2.8.7 - Admin+ SQL Injection,"The POST SMTP Mailer WordPress plugin exhibits a vulnerability due to inadequate sanitization and escaping of various parameters utilized within SQL statements. This flaw can be exploited by users with elevated privileges, such as those with admin access, potentially allowing them to execute unauthorized SQL queries. Proper measures should be taken to ensure that the plugin is updated to version 2.8.7 or later to mitigate this risk.",Wordpress,POST SMTP Mailer,7.2,HIGH,0.0008399999933317304,false,,false,false,true,2024-01-15T15:10:41.000Z,true,false,false,,2024-01-15T15:10:41.386Z,0
CVE-2023-5958,https://securityvulnerability.io/vulnerability/CVE-2023-5958,POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting,"The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.",Wordpress,POST SMTP Mailer,6.1,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2023-11-27T17:15:00.000Z,0
CVE-2023-3179,https://securityvulnerability.io/vulnerability/CVE-2023-3179,POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF,"The POST SMTP Mailer Plugin for WordPress, specifically versions before 2.5.7, is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw arises due to inadequate CSRF checks in certain AJAX actions. As a result, attackers can exploit logged-in users who possess the manage_postman_smtp capability to send emails to unauthorized addresses. For instance, this could facilitate the unsolicited retransmission of sensitive emails, including password reset links, to an attacker-controlled email account, potentially leading to unauthorized account access and control.",Wordpress,Post Smtp Mailer,8.8,HIGH,0.0017099999822676182,false,,false,false,false,,,false,false,,2023-07-17T14:15:00.000Z,0
CVE-2021-4422,https://securityvulnerability.io/vulnerability/CVE-2021-4422,Cross-Site Request Forgery in POST SMTP Mailer Plugin for WordPress,"The POST SMTP Mailer plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation on the handleCsvExport() function. This vulnerability allows unauthenticated attackers to potentially trigger a CSV export by crafting a malicious request, deceiving an administrator into executing it through social engineering tactics such as enticing them to click a link.",Wordpress,"Post Smtp Mailer – Email Log, Delivery Failure Notifications And Best Mail Smtp For WordPress",4.3,MEDIUM,0.001449999981559813,false,,false,false,false,,,false,false,,2023-07-12T06:52:35.453Z,0