Vulnerabilities and security researches forwp-mail-catcher wp-mail-catcher

Jun 07, 2024

CVE, Research URL: CVE-2023-3080
Home page URL: Security reports for Mail logging – WP Mail Catcher
Application: Mail logging – WP Mail Catcher
Date: Jul 12, 2023
Research Description: The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.1.3.
Status: vulnerable

CVE, Research URL: CVE-2023-50844
Home page URL: Security reports for Mail logging – WP Mail Catcher
Application: Mail logging – WP Mail Catcher
Date: Dec 29, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in James Ward Mail logging – WP Mail Catcher.This issue affects Mail logging – WP Mail Catcher: from n/a through 2.1.3.
Affected versions: max 2.1.4.
Status: vulnerable

CVE, Research URL: CVE-2024-32099
Home page URL: Security reports for Mail logging – WP Mail Catcher
Application: Mail logging – WP Mail Catcher
Date: Apr 15, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in James Ward WP Mail Catcher.This issue affects WP Mail Catcher: from n/a through 2.1.6.
Affected versions: max 2.1.7.
Status: vulnerable

Oct 01, 2024

CVE, Research URL: CVE-2024-47339
Home page URL: Security reports for Mail logging – WP Mail Catcher
Application: Mail logging – WP Mail Catcher
Date: Oct 06, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JWardee WP Mail Catcher wp-mail-catcher allows Reflected XSS.This issue affects WP Mail Catcher: from n/a through <= 2.1.9.
Affected versions: max 2.1.10.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 4c00f17230eed2f29d9bb914fe888facda6f36ce
Home page URL: Security reports for Mail logging – WP Mail Catcher
Application: Mail logging – WP Mail Catcher
Date: Oct 29, 2023
Research Description: Mail logging – WP Mail Catcher [wp-mail-catcher] < 2.1.4 Mail logging - WP Mail Catcher <= 2.1.3 - Authenticated (Admin+) SQL Injection The Mail logging – WP Mail Catcher plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 2.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 2.1.4.
Status: vulnerable