Vulnerabilities and security research for smtp-mailing-queue
Jun 16, 2026
SMTP Mailing Queue # 966e6341b0fb8540929f2b28c0340b857e278ef6
- CVE, Research URL
- Home page URL
- Application
- Date: Apr 03, 2023
- Research Description: SMTP Mailing Queue [smtp-mailing-queue] < 2.0.0 (closed). WordPress SMTP Mailing Queue Plugin <= 1.4.7 is vulnerable to Cross Site Scripting (XSS). Update the WordPress SMTP Mailing Queue plugin to the latest available version (at least 2.0.0). Wordfence discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress SMTP Mailing Queue Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.0.0.
- Affected versions: max 2.0.0.
- Status: vulnerable
Jun 07, 2024
SMTP Mailing Queue # CVE-2023-1090
- CVE, Research URL
- Home page URL
- Application
- Date: May 02, 2023
- Research Description: The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions: max 2.0.1.
- Status: vulnerable
SMTP Mailing Queue # 50102fa9853d89dbd009f668642c536bd89820d6
- CVE, Research URL
- Home page URL
- Application
- Date: Apr 03, 2023
- Research Description: SMTP Mailing Queue [smtp-mailing-queue] < 2.0.0 (closed). SMTP Mailing Queue <= 1.4.7 - Authenticated (Admin+) Stored Cross-Site Scripting. The SMTP Mailing Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via mailing settings in versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
- Affected versions: max 2.0.0.
- Status: vulnerable