Post SMTP
Saad Iqbal
Developer
3.6.1
Latest version
400,000
Installations
Oct 29, 2025
Last updated
Vulnerability history
0 present
20 fixed
10 Mitigation rules
- Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability<= 3.6.0Nov 3, 2025
- Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update vulnerability<= 3.4.1Sep 2, 2025
- Account Takeover Vulnerability<= 3.2.0Jul 21, 2025
- Authenticated (Administrator+) SQL Injection via columns Parameter vulnerability<= 3.1.2Mar 8, 2025
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 3.0.2Feb 17, 2025
- Broken Access Control vulnerability<= 2.9.11Jan 7, 2025
- SQL Injection vulnerability<= 2.9.9Nov 15, 2024
- Authenticated SQL Injection vulnerability<= 2.9.3May 30, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 2.8.6Mar 16, 2024
- Authorization Bypass via type connect-app API vulnerability<= 2.8.7Jan 10, 2024
- Broken Access Control on API vulnerability<= 2.8.6Jan 5, 2024
- Unauthenticated Stored Cross-Site Scripting via device vulnerability<= 2.8.7Jan 3, 2024
- Reflected Cross-Site Scripting via msg vulnerability<= 2.8.6Jan 3, 2024
- Authenticated (Administrator+) SQL Injection vulnerability< 2.6.1Oct 4, 2023
- Reflected Cross Site Scripting (XSS) vulnerability< 2.5.8Jul 18, 2023
- Unauthenticated Stored Cross-Site Scripting via Email vulnerability<= 2.5.7Jul 12, 2023
- Account Takeover via CSRF vulnerability< 2.5.7Jul 4, 2023
- Arbitrary Log Deletion via CSRF vulnerability< 2.5.7Jul 4, 2023
- Authenticated Blind Server-Side Request Forgery (SSRF) vulnerability<= 2.1.6Sep 5, 2022
- Cross-Site Request Forgery (CSRF) nonce validation vulnerability<= 2.0.20Feb 11, 2021