cleantalk
Vulnerabilities and Security Researches

WP SMTP, CVE-2025-1123

CVE, Research URL

CVE-2025-1123

Home page URL

Security reports for WP SMTP

Application

WP SMTP

Published on
May 23, 2025
Research Description
The Solid Mail – SMTP email and logging made by SolidWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email Name, Subject, and Body in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.1.6.
Status
vulnerable
Previous vulnerability researches
Ajax Comment Form CST (CVE-2025-3867) , Apr 27, 2025
New vulnerability
Additional Custom Emails for WooCommerce (CVE-2025-48251) , May 24, 2025
WP SMTP (CVE-2025-1123) , May 24, 2025
Bot for Telegram on WooCommerce (CVE-2025-48268) , May 24, 2025
WP Image Mask (CVE-2025-48235) , May 23, 2025
TablePress – Tables in WordPress made easy (CVE-2025-5096) , May 23, 2025