cleantalk
Vulnerabilities and Security Researches

Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin, CVE-2019-25141

CVE, Research URL

CVE-2019-25141

Home page URL

Security reports for Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin

Application

Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin

Published on
Jun 07, 2023
Research Description
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugins settings and arbitrary options on the site that can be used to inject new administrative user accounts.
Affected versions
Min -, max 1.3.9.1.
Status
vulnerable
Previous vulnerability researches
WP SMTP (CVE-2024-1789) , Jun 07, 2024
WP SMTP (CVE-2025-1123) , May 24, 2025
Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin (CVE-2022-42699) , Jun 07, 2024
Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin (CVE-2019-25141) , Jun 07, 2024
Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin (CVE-2020-35234) , Jun 07, 2024
New vulnerability
miniOrange Discord Integration (CVE-2025-47672) , May 25, 2025
4stats (CVE-2025-3869) , May 24, 2025
Verge3D Publishing and E-Commerce (CVE-2025-48241) , May 24, 2025
Staggs – Product configurator for WooCommerce (CVE-2025-47637) , May 24, 2025
Additional Custom Emails for WooCommerce (CVE-2025-48251) , May 24, 2025