cleantalk
Vulnerabilities and Security Researches

POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications, CVE-2022-2351

CVE, Research URL

CVE-2022-2351

Home page URL

Security reports for POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications

Application

POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications

Published on
Sep 16, 2022
Research Description
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.
Affected versions
Min -, max 2.1.4.
Status
vulnerable
Previous vulnerability researches
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2025-22800) , Jan 11, 2025
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2023-52233) , Jul 10, 2024
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2023-3179) , Jun 07, 2024
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2022-2352) , Jun 07, 2024
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2021-4422) , Jun 07, 2024
New vulnerability
Frontend File Manager Plugin (CVE-2023-7306) , Jul 27, 2025
Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition (CVE-2025-6441) , Jul 27, 2025
Timber (CVE-2024-45411) , Jul 27, 2025
Advanced iFrame (CVE-2025-6987) , Jul 27, 2025
ReachShip WooCommerce Multi-Carrier & Conditional Shipping (CVE-2025-53213) , Jul 27, 2025