| CVE-2026-3090 | Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type' | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2026-03-18 15:28:29 | Deep Dive |
| CVE-2026-2559 | Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 5.3 | 2026-03-18 15:28:28 | Deep Dive |
| CVE-2025-67563 | WordPress Post SMTP plugin <= 3.6.1 - Broken Access Control vulnerability | Saad Iqbal | Post SMTP | Medium | 5.3 | 2025-12-09 14:14:11 | Deep Dive |
| CVE-2025-12887 | Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 5.4 | 2025-12-03 12:29:54 | Deep Dive |
| CVE-2025-11833 | Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Critical | 9.8 | 2025-11-01 03:34:36 | Deep Dive |
| CVE-2025-9219 | Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 4.3 | 2025-09-03 08:27:23 | Deep Dive |
| CVE-2025-24000 | WordPress Post SMTP plugin <= 3.2.0 - Account Takeover Vulnerability | Saad Iqbal | Post SMTP | High | 8.8 | 2025-08-07 16:58:29 | Deep Dive |
| CVE-2024-13844 | Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 4.9 | 2025-03-08 05:30:08 | Deep Dive |
| CVE-2025-0521 | Post SMTP <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2025-02-18 11:10:19 | Deep Dive |
| CVE-2025-22800 | WordPress Post SMTP plugin <= 2.9.11 - Broken Access Control vulnerability | Saad Iqbal | Post SMTP | Medium | 4.3 | 2025-01-13 13:11:37 | Deep Dive |
| CVE-2024-52436 | WordPress Post SMTP plugin <= 2.9.9 - SQL Injection vulnerability | Saad Iqbal | Post SMTP | High | 7.6 | 2024-11-18 14:30:21 | Deep Dive |
| CVE-2023-52233 | WordPress POST SMTP Mailer plugin <= 2.8.6 - Broken Access Control on API vulnerability | Post SMTP | Post SMTP Mailer/Email Log | High | 8.6 | 2024-06-11 16:05:39 | Deep Dive |
| CVE-2024-5207 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2024-05-30 05:33:15 | Deep Dive |
| CVE-2024-29128 | WordPress POST SMTP Mailer plugin <= 2.8.6 - Reflected Cross Site Scripting (XSS) vulnerability | Post SMTP | POST SMTP | High | 7.1 | 2024-03-19 14:04:00 | Deep Dive |
| CVE-2023-3178 | POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF | Unknown | POST SMTP Mailer | 中危 | - | 2024-01-16 15:55:30 | Deep Dive |
| CVE-2023-6620 | Post SMTP < 2.8.7 - Admin+ SQL Injection | Unknown | POST SMTP Mailer | 高危 | - | 2024-01-15 15:10:41 | Deep Dive |
| CVE-2023-6875 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Critical | 9.8 | 2024-01-11 08:33:06 | Deep Dive |
| CVE-2023-6621 | Post SMTP < 2.8.7 - Reflected Cross-Site Scripting | Unknown | POST SMTP | - | - | 2024-01-03 08:32:43 | Deep Dive |
| CVE-2023-7027 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2024-01-03 04:29:34 | Deep Dive |
| CVE-2023-6629 | POST SMTP Mailer <= 2.8.6 - Reflected Cross-Site Scripting via msg | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 6.1 | 2024-01-03 04:29:34 | Deep Dive |