Post Smtp – Complete Smtp Solution With Logs, Alerts, Backup Smtp & Mobile App
Approved changes feed: RSS · Atom
cpe:2.3:a:saadiqbal:post_smtp_–_complete_smtp_solution_with_logs,_alerts,_backup_smtp_&_mobile_app:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Saadiqbal (83c57749-782e-5814-b44d-398a661b31b1) |
|---|---|
| Product | Post Smtp – Complete Smtp Solution With Logs, Alerts, Backup Smtp & Mobile App (423dbfe5-4d11-58ef-baeb-8d5d32e2b924) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-12887 |
vulnerable | 2026-06-03 14:58:45.143303 |
Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update
MEDIUM (5.4)
The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handle_gmail_oauth_redirect' function. This makes it possible for authenticated attackers, with subscriber level access and above, to inject invalid or attacker-controlled OAuth credentials. CVE-2025-67563 appears to be a duplicate of this issue.
Published: 2025-12-03T12:29:53.626Z
Updated: 2026-04-08T16:55:27.472Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11833 |
vulnerable | 2026-06-03 14:58:43.160282 |
Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure
CRITICAL (9.8)
The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the __construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated attackers to read arbitrary logged emails sent through the Post SMTP plugin, including password reset emails containing password reset links, which can lead to account takeover.
Published: 2025-11-01T03:34:35.794Z
Updated: 2026-04-08T16:50:24.214Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.