Get Started

WordPress: Stored Cross-Site Scripting Vulnerability in Post SMTP Plugin

by the Hossted team
18.02.2025

In Post SMTP plugin for WordPress versions 3.0.2 and prior a high severity vulnerability CVE-2025-0521 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘from’ and ‘subject’ parameters, which execute whenever a user accesses an injected page. To address this issue, users should upgrade Post SMTP plugin to version 3.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0521.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR