cleantalk
Vulnerabilities and Security Researches

SMTP2GO for WordPress – Email Made Easy, CVE-2026-7621

CVE, Research URL

CVE-2026-7621

Home page URL

Security reports for SMTP2GO for WordPress – Email Made Easy

Application

SMTP2GO for WordPress – Email Made Easy

Published on
May 28, 2026
Research Description
The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate all SMTP2GO log records from the database or download a CSV export of all SMTP log data including recipient addresses, sender addresses, message subjects, and API response data.
Affected versions
max 1.17.0.
Status
vulnerable
Previous vulnerability researches
jQuery googleslides (CVE-2026-8866) , May 28, 2026
New vulnerability
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2026-6287) , May 28, 2026
PowerPress Podcasting plugin by Blubrry (CVE-2026-24637) , May 28, 2026
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2026-7651) , May 28, 2026
CRM WordPress Plugin – RepairBuddy (CVE-2026-24638) , May 28, 2026
PDF Flipbook, 3D Flipbook – DearFlip (CVE-2026-49047) , May 28, 2026