Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Security & Risk Analysis

wordpress.org/plugins/post-smtp

Improve WordPress email deliverability. Connect Gmail SMTP, Microsoft 365, Brevo, SendGrid, Mailgun, Zoho, Amazon SES, etc. #1 WordPress SMTP Plugin.

400K active installs · v3.8.0 · PHP 7.0+ · WP 5.6.0+ · Updated Jan 20, 2026
email, email-logs, gmail-smtp, office-365, smtp
76 · B · Generally Safe
CVEs total: 23
Unpatched: 0
Last CVE: Mar 17, 2026
Safety Verdict

Is Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Safe to Use in 2026?

Mostly Safe

Score 76/100

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App is generally safe to use. 23 past CVEs were resolved. Keep it updated.

23 known CVEs · Last CVE: Mar 17, 2026 · Updated 2mo ago
Risk Assessment
Assessment pending
Vulnerabilities
23

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2 CVEs in 2022
6 CVEs in 2023
5 CVEs in 2024
7 CVEs in 2025
2 CVEs in 2026

Severity Breakdown

Critical: 2
High: 9
Medium: 12

23 total CVEs

CVE-2026-2559 · medium · 5.3 · Missing Authorization

Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite

Mar 17, 2026 Patched in 3.9.0 (2d)
CVE-2026-3090 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type'

Mar 17, 2026 Patched in 3.9.0 (2d)
CVE-2025-12887 · medium · 5.4 · Missing Authorization

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update

Dec 3, 2025 Patched in 3.6.2 (9d)
CVE-2025-11833 · critical · 9.8 · Missing Authorization

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure

Oct 31, 2025 Patched in 3.6.1 (1d)
CVE-2025-9219 · medium · 4.3 · Missing Authorization

Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update

Sep 2, 2025 Patched in 3.4.2 (1d)
CVE-2025-24000 · high · 8.8 · Missing Authorization

Post SMTP <= 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Account Takeover via Email Log Exposure

Jul 21, 2025 Patched in 3.3.0 (4d)
CVE-2024-13844 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter

Mar 7, 2025 Patched in 3.1.3 (1d)
CVE-2025-0521 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post SMTP <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting

Feb 17, 2025 Patched in 3.1.0 (1d)
CVE-2025-22800 · medium · 4.3 · Missing Authorization

Post SMTP <= 2.9.11 - Missing Authorization via regenerate_qrcode()

Jan 7, 2025 Patched in 2.9.12 (8d)
CVE-2024-52436 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Post SMTP <= 2.9.9 - Authenticated (Administrator+) SQL Injection

Nov 15, 2024 Patched in 2.9.10 (21d)
CVE-2024-5207 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection

May 22, 2024 Patched in 2.9.4 (69d)
CVE-2023-6875 · critical · 9.8 · Authorization Bypass Through User-Controlled Key

POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API

Jan 10, 2024 Patched in 2.8.8 (202d)
CVE-2023-6629 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

POST SMTP Mailer <= 2.8.6 - Reflected Cross-Site Scripting via msg

Jan 2, 2024 Patched in 2.8.7 (210d)
CVE-2023-7027 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device

Jan 2, 2024 Patched in 2.8.8 (210d)
CVE-2023-6620 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.6 - Authenticated (Administrator+) SQL Injection

Dec 21, 2023 Patched in 2.8.7 (33d)
CVE-2023-5958 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

POST SMTP Mailer <= 2.7.0 - Unauthenticated Stored Cross-Site Scripting

Nov 6, 2023 Patched in 2.7.1 (78d)
WF-3816a6cf-8157-4ad9-83f6-93c9b6c6275f-post-smtp · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Post SMTP <= 2.6.0 - Authenticated (Administrator+) SQL Injection

Oct 3, 2023 Patched in 2.6.1 (112d)
CVE-2023-3082 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post SMTP <= 2.5.7 - Unauthenticated Stored Cross-Site Scripting via Email

Jul 11, 2023 Patched in 2.5.8 (196d)
CVE-2023-3179 · medium · 6.5 · Cross-Site Request Forgery (CSRF)

POST SMTP Mailer <= 2.5.6 - Cross-Site Request Forgery to Account Compromise

Jun 26, 2023 Patched in 2.5.7 (211d)
CVE-2023-3178 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

POST SMTP Mailer <= 2.5.6 - Cross-Site Request Forgery to Arbitrary Log Deletion

Jun 26, 2023 Patched in 2.5.7 (211d)
CVE-2022-2352 · medium · 6.6 · Server-Side Request Forgery (SSRF)

Post SMTP <= 2.1.6 - Authenticated (Administrator+) Blind Server-Side Request Forgery

Sep 5, 2022 Patched in 2.1.7 (505d)
CVE-2022-2351 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post SMTP Mailer/Email Log <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Aug 18, 2022 Patched in 2.1.4 (523d)
CVE-2021-4422 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

POST SMTP Mailer <= 2.0.20 - Cross-Site Request Forgery Bypass

Mar 1, 2021 Patched in 2.0.21 (1058d)
Maintenance & Trust

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 20, 2026
PHP min version: 7.0
Downloads: 18.6M

Community Trust

Rating: 94/100
Number of ratings: 518
Active installs: 400K
Developer Profile

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Developer Profile

Saad Iqbal

84 plugins · 1.4M total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 272 days
FAQ

Frequently Asked Questions about Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App