cleantalk
Vulnerabilities and Security Researches

WP SMTP, CVE-2025-1123

CVE, Research URL

CVE-2025-1123

Home page URL

Security reports for WP SMTP

Application

WP SMTP

Published on
May 23, 2025
Research Description
The Solid Mail – SMTP email and logging made by SolidWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email Name, Subject, and Body in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.1.6.
Status
vulnerable
Previous vulnerability researches
WP SMTP (CVE-2024-1789) , Jun 07, 2024
WP SMTP (CVE-2025-1123) , May 24, 2025
Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin (CVE-2022-42699) , Jun 07, 2024
Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin (CVE-2019-25141) , Jun 07, 2024
Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin (CVE-2020-35234) , Jun 07, 2024
New vulnerability
Verge3D Publishing and E-Commerce (CVE-2025-48241) , May 24, 2025
Staggs – Product configurator for WooCommerce (CVE-2025-47637) , May 24, 2025
Additional Custom Emails for WooCommerce (CVE-2025-48251) , May 24, 2025
WP SMTP (CVE-2025-1123) , May 24, 2025
Bot for Telegram on WooCommerce (CVE-2025-48268) , May 24, 2025