Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App, with AI-generated Chinese analysis, references, and POCs.

Vendor: saadiqbal

CVE IDTitleCVSSSeverityPublished
CVE-2026-3090 Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type' CWE-79 7.2 High2026-03-18
CVE-2026-2559 Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite CWE-862 5.3 Medium2026-03-18
CVE-2025-12887 Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update CWE-862 5.4 Medium2025-12-03
CVE-2025-11833 Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure CWE-862 9.8 Critical2025-11-01
CVE-2025-9219 Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update CWE-862 4.3 Medium2025-09-03
CVE-2024-13844 Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter CWE-89 4.9 Medium2025-03-08
CVE-2025-0521 Post SMTP <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting CWE-79 7.2 High2025-02-18
CVE-2024-5207 POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection CWE-89 7.2 High2024-05-30
CVE-2023-6875 POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API CWE-639 9.8 Critical2024-01-11
CVE-2023-6629 POST SMTP Mailer <= 2.8.6 - Reflected Cross-Site Scripting via msg CWE-79 6.1 Medium2024-01-03
CVE-2023-7027 POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device CWE-79 7.2 High2024-01-03
CVE-2021-4422 POST SMTP Mailer <= 2.0.20 - Cross-Site Request Forgery Bypass CWE-352 4.3 Medium2023-07-12
CVE-2023-3082 Post SMTP <= 2.5.7 - Unauthenticated Stored Cross-Site Scripting via Email CWE-79 7.2 High2023-07-12

All 13 known CVE vulnerabilities affecting Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App with full Chinese analysis, references, and POCs where available.