Medium 6.1
2026-05-01< 3.1.0
CVE-2024-13362
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App
Minimum safe version
3.9.0
Update to 3.9.0 or later to address 34 fixable vulnerabilities
Latest available3.9.1 ✓
Medium 4.3
2025-09-03< 3.4.2
Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update
N/A
2026-03-17< 3.9.0
Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite
N/A
2026-03-17< 3.9.0
Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type'
Medium 5.3
2025-12-09< 3.6.2
CVE-2025-67563
Medium 5.4
2025-12-03< 3.6.2
CVE-2025-12887
Critical 9.8
2025-11-01< 3.6.1
CVE-2025-11833
High 8.8
2025-08-07< 3.3.0
CVE-2025-24000
Medium 4.9
2025-03-08< 3.1.3
CVE-2024-13844
High 7.2
2025-02-18< 3.1.0
Post SMTP <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting
Medium 4.3
2025-01-13< 2.9.12
CVE-2025-22800
High 7.6
2024-11-18< 2.9.10
CVE-2024-52436
High 7.2
2024-05-30< 2.9.4
CVE-2024-5207
High 7.1
2024-03-19< 2.8.7
CVE-2024-29128
Critical 9.8
2024-01-11< 2.8.8
CVE-2023-6875
High 8.6
2024-06-11< 2.8.7
CVE-2023-52233
Medium 6.1
2024-01-03< 2.8.7
CVE-2023-6621
N/A
< 2.6.1
Post SMTP < 2.6.1 - Authenticated (Administrator+) SQL Injection
High 7.2
2024-01-15< 2.8.7
CVE-2023-6620
Medium 5.4
2024-01-03< 2.8.8
CVE-2023-7027
Medium 6.1
2024-01-03< 2.8.7
CVE-2023-6629
Medium 6.1
2023-11-27< 2.7.1
CVE-2023-5958
N/A
2023-10-04< 2.6.1
WordPress Post SMTP Mailer/Email Log Plugin < 2.6.1 is vulnerable to SQL Injection
N/A
2023-10-03< 2.6.1
Post SMTP <= 2.6.0 - Authenticated (Administrator+) SQL Injection
N/A
2023-07-18< 2.5.8
WordPress Post SMTP Mailer/Email Log Plugin < 2.5.8 is vulnerable to Cross Site Scripting (XSS)
Medium 6.1
2023-07-12< 2.5.8
CVE-2023-3082
Medium 4.3
2023-07-12< 2.0.21
CVE-2021-4422
High 8.8
2023-07-17< 2.5.7
CVE-2023-3179
Medium 4.3
2024-01-16< 2.5.7
CVE-2023-3178
N/A
2023-06-07< 2.0.21
CVE-2021-4342
N/A
< 2.0.21
Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass
High 7.2
2022-09-26< 2.1.7
CVE-2022-2352
Medium 4.8
2022-09-16< 2.1.4
CVE-2022-2351
N/A
2021-02-11< 2.0.21
WordPress Post SMTP Mailer/Email Log plugin <= 2.0.20 - Cross-Site Request Forgery (CSRF) nonce validation vulnerability