Filtered by vendor Saadiqbal
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67563 | 2 Saadiqbal, Wordpress | 2 Post Smtp, Wordpress | 2025-12-10 | 5.3 Medium |
| Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through <= 3.6.1. | ||||
| CVE-2025-12887 | 2 Saadiqbal, Wordpress | 2 Post Smtp, Wordpress | 2025-12-04 | 5.4 Medium |
| The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handle_gmail_oauth_redirect' function. This makes it possible for authenticated attackers, with subscriber level access and above, to inject invalid or attacker-controlled OAuth credentials. | ||||
| CVE-2025-11833 | 2 Saadiqbal, Wordpress | 2 Post Smtp, Wordpress | 2025-11-04 | 9.8 Critical |
| The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the __construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated attackers to read arbitrary logged emails sent through the Post SMTP plugin, including password reset emails containing password reset links, which can lead to account takeover. | ||||
Page 1 of 1.