Vulnerabilities and security researches forwp-mail-smtp wp-mail-smtp

Jun 06, 2024

CVE, Research URL: 68ce888a3bdc02e62b7d57497d9bebac954992db
Home page URL: Security reports for WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
Application: WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
Date: Dec 07, 2018
Research Description: WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin [wp-mail-smtp] < 1.4.0 (closed) WordPress WP Mail SMTP by WPForms plugin <= 1.3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by RIPS Technologies in WordPress WP Mail SMTP by WPForms plugin (versions <= 1.3.3).
Affected versions: Min -, max -.
Status: vulnerable

Jul 21, 2024

CVE, Research URL: CVE-2024-6694
Home page URL: Security reports for WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
Application: WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
Date: Jul 20, 2024
Research Description: The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment.
Affected versions: Min -, max -.
Status: vulnerable