Post smtp

This hub aggregates every CVE we track for Post smtp, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Web & CMS Plugins

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH12MEDIUM9CRITICAL2

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Post smtp.

CVE-2026-48838WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability7.1Jun 15, 2026
CVE-2025-67563WordPress Post SMTP plugin <= 3.6.1 - Broken Access Control vulnerability5.3Dec 9, 2025
CVE-2025-11833Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure9.8Nov 1, 2025
CVE-2025-24000WordPress Post SMTP plugin <= 3.2.0 - Account Takeover Vulnerability8.8Aug 7, 2025
CVE-2024-13844Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter4.9Mar 8, 2025
CVE-2025-0521Post SMTP <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting7.2Feb 18, 2025
CVE-2025-22800WordPress Post SMTP plugin <= 2.9.11 - Broken Access Control vulnerability4.3Jan 13, 2025
CVE-2024-52436WordPress Post SMTP plugin <= 2.9.9 - SQL Injection vulnerability7.6Nov 18, 2024
CVE-2023-52233WordPress POST SMTP Mailer plugin <= 2.8.6 - Broken Access Control on API vulnerability8.6Jun 11, 2024
CVE-2024-5207POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection7.2May 30, 2024
CVE-2024-29128WordPress POST SMTP Mailer plugin <= 2.8.6 - Reflected Cross Site Scripting (XSS) vulnerability7.1Mar 19, 2024
CVE-2023-3178POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF4.3Jan 16, 2024
CVE-2023-6620Post SMTP < 2.8.7 - Admin+ SQL Injection7.2Jan 15, 2024
CVE-2023-6875POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API9.8Jan 11, 2024
CVE-2023-6621Post SMTP < 2.8.7 - Reflected Cross-Site Scripting6.1Jan 3, 2024

Product normalization is registry-driven with AI assist and human review. How it works