cleantalk
Vulnerabilities and Security Researches

SMTP by BestWebSoft, CVE-2024-13908

CVE, Research URL

CVE-2024-13908

Home page URL

Security reports for SMTP by BestWebSoft

Application

SMTP by BestWebSoft

Published on
Mar 08, 2025
Research Description
The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 1.2.0.
Status
vulnerable
Previous vulnerability researches
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) (CVE-2024-11087) , Mar 09, 2025
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) (92a8d2abbf57eff4cf1052d3f99e9038455a99ac) , Jun 07, 2024
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) (CVE-2023-23710) , Jun 07, 2024
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) (CVE-2023-23706) , Jun 07, 2024
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) (CVE-2023-47683) , Jun 07, 2024
New vulnerability
RomethemeKit For Elementor (CVE-2024-10326) , Mar 10, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Shortcode Cleaner Lite (CVE-2025-1481) , Mar 09, 2025
All-in-One Addons for Elementor – WidgetKit (CVE-2024-10321) , Mar 09, 2025
SMTP by BestWebSoft (CVE-2024-13908) , Mar 09, 2025