cleantalk
Vulnerabilities and Security Researches

SMTP Mailing Queue, 50102fa9853d89dbd009f668642c536bd89820d6

CVE, Research URL

50102fa9853d89dbd009f668642c536bd89820d6

Home page URL

Security reports for SMTP Mailing Queue

Application

SMTP Mailing Queue

Published on
Apr 03, 2023
Research Description
SMTP Mailing Queue [smtp-mailing-queue] < 2.0.0 SMTP Mailing Queue <= 1.4.7 - Authenticated (Admin+) Stored Cross-Site Scripting The SMTP Mailing Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via mailing settings in versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
max 2.0.0.
Status
vulnerable
Previous vulnerability researches
SMTP Mailing Queue (CVE-2023-1090) , Jun 07, 2024
SMTP Mailing Queue (50102fa9853d89dbd009f668642c536bd89820d6) , Jun 07, 2024
New vulnerability
Subscriptions for WooCommerce &#8211; Subscription Plugin for Collecting Recurring Revenue, Sell Membership Subscription Servic (CVE-2026-24372) , Mar 29, 2026
Meta Box &#8211; WordPress Custom Fields Framework (CVE-2025-14675) , Mar 29, 2026
Admin and Site Enhancements (ASE) (CVE-2026-32423) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2026-28135) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2025-13067) , Mar 29, 2026