Ultimate WP Mail

Vulnerabilities 6Slug ultimate-wp-mailLatest version 1.3.11WordPress.org →

Minimum safe version

1.3.9

Update to 1.3.9 or later to address 5 fixable vulnerabilities

Latest available1.3.11 ✓⚠ 1 vulnerability has no fix

Medium 6.5

2025-09-22< 1.3.9

Ultimate WP Mail <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

High 7.5

2025-07-16< 1.3.7

Ultimate WP Mail 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details Function

Medium 4.3

2025-06-06< 1.3.6

CVE-2025-49288

High 8.5

2025-05-07< 1.3.5

CVE-2025-47490

Medium 5.4

2025-05-07< 1.3.5

CVE-2025-47466

Medium 4.7 Unfixed

2025-04-09≤ 1.3.10

WordPress Ultimate WP Mail plugin <= 1.3.10 - Open Redirection vulnerability