[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8nSqJnSnl850GIl1ADTnIWlJAe7UvaxTHj6pSlZ3jco":3,"$fqOx21bgLhPm3oqpc2UpPKoATCyVJ025CITty7rdUKlQ":327,"$fJ67JdqxZ9GiO01TGCmLT0Y0i8MhEj4TehPuv4uTcUOs":331},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":85,"crawl_stats":39,"alternatives":92,"analysis":195,"fingerprints":300},"postmarkapp-email-integrator","PostmarkApp Email Integrator","2.5.0","Gagan Deep Singh","https:\u002F\u002Fprofiles.wordpress.org\u002Fgagan0123\u002F","\u003Cp>This plugin enables WordPress blogs of any size to deliver and track WordPress notification emails reliably, with minimal setup time and zero maintenance. No more SMTP errors or delivery problems with Postmark!\u003C\u002Fp>\n\u003Cp>If you don’t already have a free Postmark account, you can get one in minutes. Every account comes with thousands of free email sends.\u003C\u002Fp>\n\u003Cp>PLEASE NOTE: This is not official PostMarkApp Plugin. This plugin is a copy of the Official Postmarkapp plugin which had several critical bugs.  The Official Plugin developers have not addressed these bugs for some time now, so I created a new plugin to solve those issues.\u003C\u002Fp>\n\u003Cp>Issues fixed(from the official version):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fixed the Connection Timeout bug\u003C\u002Fli>\n\u003Cli>Fixed the Fatal Error due to incorrect usage of WP_Error object\u003C\u002Fli>\n\u003Cli>Fixed the issue while parsing the headers sent as array to the wp_mail function\u003C\u002Fli>\n\u003Cli>Fixed the breaking of plaintext when force html option is selected\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>New Features added:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support for adding Cc, Bcc, and Reply-To headers\u003C\u002Fli>\n\u003Cli>Support to filter the arguments by other plugins like its done in the actual wp_mail() function of WordPress\u003C\u002Fli>\n\u003Cli>Auto import settings from the Postmarkapp approved WordPress plugin for easy migration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Roadmap:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support for attachments\u003C\u002Fli>\n\u003Cli>Handling special characters in Subject\u003C\u002Fli>\n\u003Cli>Ability for dynamic “From” addresses by verifying from PostmarkApp\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To know more about PostMarkApp, please visit this link: http:\u002F\u002Fpostmarkapp.com\u003C\u002Fp>\n\u003Cp>To get help about PostMarkApp, please visit this link: http:\u002F\u002Fsupport.postmarkapp.com\u002F\u003C\u002Fp>\n\u003Cp>To contribute to this plugin, visit the GitHub repository: https:\u002F\u002Fgithub.com\u002Fgagan0123\u002Fpostmarkapp-email-integrator\u003C\u002Fp>\n","Enables your WordPress site to send emails via PostMarkApp API.",60,2797,100,4,"2026-03-23T16:41:00.000Z","6.9.4","5.0","",[20,21,22,23,24],"email","notifications","postmark","smtp","wp_mail","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpostmarkapp-email-integrator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpostmarkapp-email-integrator.2.5.0.zip",74,3,1,"2026-02-18 15:45:28","2026-04-16T10:56:18.058Z","no_bundle",[34,59,74],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":39,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":39,"patch_diff_files":48,"patch_trac_url":39,"research_status":49,"research_verified":50,"research_rounds_completed":28,"research_plan":51,"research_summary":52,"research_vulnerable_code":53,"research_fix_diff":54,"research_exploit_outline":55,"research_model_used":56,"research_started_at":57,"research_completed_at":58,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":50,"poc_model_used":39,"poc_verification_depth":39},"CVE-2026-1043","postmarkapp-email-integrator-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings","PostmarkApp Email Integrator \u003C= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings","The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.4. This is due to insufficient input sanitization and output escaping on the pma_api_key and pma_sender_address parameters. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the settings page.",null,"\u003C=2.4","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-04-15 16:38:32",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F80b03e81-6660-483a-9150-e6075b7bffbd?source=api-prod",[],"researched",false,"# Exploitation Research Plan: CVE-2026-1043\n\n## 1. Vulnerability Summary\nThe **PostmarkApp Email Integrator** plugin (versions \u003C= 2.4) is vulnerable to **Stored Cross-Site Scripting (XSS)**. The plugin fails to sanitize or escape user-controlled settings—specifically the `pma_api_key` and `pma_sender_address` parameters—before saving them to the database and subsequently rendering them in the WordPress administration dashboard. \n\nWhile the vulnerability requires Administrator-level privileges to exploit (PR:H), it poses a significant risk in environments where `unfiltered_html` is disabled or in Multisite configurations where a Site Admin (not Super Admin) can use this to target a Super Admin.\n\n## 2. Attack Vector Analysis\n- **Vulnerable Parameters:** `pma_api_key`, `pma_sender_address`\n- **Entry Point:** Plugin settings page, likely found at `\u002Fwp-admin\u002Foptions-general.php?page=postmarkapp-email-integrator` (inferred) or `\u002Fwp-admin\u002Fadmin.php?page=pma-settings` (inferred).\n- **Authentication:** Required (Administrator or above).\n- **Vulnerability Mechanism:** Improper storage (missing `sanitize_text_field`) and improper output (missing `esc_attr` or `esc_html`) in the admin settings view.\n\n## 3. Code Flow (Inferred)\n1. **Submission Phase:**\n   - An administrator navigates to the plugin settings page.\n   - A POST request is sent to `options.php` (if using Settings API) or the plugin's own admin page handler.\n   - The plugin processes the input using `update_option('pma_api_key', $_POST['pma_api_key'])` without applying sanitization functions.\n2. **Execution Phase:**\n   - An administrator (the attacker or a victim) views the settings page.\n   - The plugin retrieves the value: `$api_key = get_option('pma_api_key');`.\n   - The value is echoed directly into an HTML input attribute or a table cell: `echo '\u003Cinput type=\"text\" name=\"pma_api_key\" value=\"' . $api_key . '\">';`.\n   - The browser interprets the injected script, executing it in the context of the administrator's session.\n\n## 4. Nonce Acquisition Strategy\nThe plugin likely uses the standard WordPress Settings API or a custom form with a nonce check (`check_admin_referer`). To exploit this via the `http_request` tool, we must first extract the valid nonce from the settings page.\n\n1. **Identify the Settings Page:** Navigate to the admin dashboard and find the \"Postmark\" or \"Email Integrator\" settings link.\n2. **Navigate and Extract:**\n   - Use `browser_navigate` to load the settings page.\n   - Use `browser_eval` to locate the nonce field.\n   - Common Settings API nonce name: `_wpnonce`.\n   - Plugin-specific nonce keys might be localized in a global JS object or hidden in the form.\n\n**JavaScript to extract nonce:**\n```javascript\n\u002F\u002F If standard Settings API form:\ndocument.querySelector('input[name=\"_wpnonce\"]')?.value;\n\n\u002F\u002F If custom form (check page source for nonce field names):\ndocument.querySelector('input[name*=\"nonce\"]')?.value;\n```\n\n## 5. Exploitation Strategy\nThe goal is to store a payload that executes `alert(document.domain)` when the settings page is viewed.\n\n### Step 1: Discover the Form Structure\n1. Navigate to the settings page as an Administrator.\n2. Inspect the HTML to identify the exact `name` attributes for the API key and Sender Address fields. Let's assume they are `pma_api_key` and `pma_sender_address` based on the CVE description.\n3. Identify the `action` attribute of the form (likely `options.php`).\n\n### Step 2: Perform the Injection\nSend a POST request to update the options.\n\n- **URL:** `http:\u002F\u002F[target]\u002Fwp-admin\u002Foptions.php` (if using Settings API) or the current page URL.\n- **Content-Type:** `application\u002Fx-www-form-urlencoded`\n- **Body Parameters:**\n  - `option_page`: (e.g., `postmark_settings_group`)\n  - `action`: `update`\n  - `_wpnonce`: [EXTRACTED_NONCE]\n  - `pma_api_key`: `\">\u003Cscript>alert(document.domain)\u003C\u002Fscript>`\n  - `pma_sender_address`: `\">\u003Cimg src=x onerror=alert(1)>`\n\n### Step 3: Trigger the XSS\n1. Navigate to the plugin settings page: `browser_navigate(\"http:\u002F\u002F[target]\u002Fwp-admin\u002Foptions-general.php?page=postmarkapp-email-integrator\")`.\n2. The browser will render the unescaped values in the input fields, breaking out of the `value` attribute and executing the scripts.\n\n## 6. Test Data Setup\n1. **Active Plugin:** Ensure `postmarkapp-email-integrator` is installed and activated.\n2. **User Role:** Use an existing Administrator account.\n3. **Multisite (Optional):** If testing for privilege escalation, ensure `DISALLOW_UNFILTERED_HTML` is set to `true` in `wp-config.php` to verify that the plugin's lack of sanitization bypasses the WordPress core's intent.\n\n## 7. Expected Results\n- After the POST request, the WordPress site should return a `302 Redirect` back to the settings page with a `settings-updated=true` parameter.\n- Upon visiting the settings page, an alert box showing the domain name should appear (verified via `browser_eval` to check for the presence of the script or the result of the alert).\n- The HTML source of the settings page should show:\n  `\u003Cinput ... value=\"\">\u003Cscript>alert(document.domain)\u003C\u002Fscript>\">`\n\n## 8. Verification Steps (WP-CLI)\nConfirm the payload is stored in the database without sanitization:\n```bash\nwp option get pma_api_key\n# Expected output: \">\u003Cscript>alert(document.domain)\u003C\u002Fscript>\n\nwp option get pma_sender_address\n# Expected output: \">\u003Cimg src=x onerror=alert(1)>\n```\n\n## 9. Alternative Approaches\nIf the plugin does not use the Settings API (`options.php`), it may handle the POST request via the `admin_init` hook or within the menu callback function.\n\n- **Alternative Sink:** Check if the `pma_sender_address` is used in email headers sent by the plugin. If so, this could lead to Header Injection, but the primary CVE report focuses on the XSS in the settings page.\n- **Bypassing Nonces:** If the plugin checks nonces incorrectly (e.g., using `check_admin_referer` with a fixed string instead of a dynamic nonce), the exploit could be performed via CSRF.\n- **Blind XSS:** If the settings are reflected on a different admin page (e.g., a dashboard widget), check those pages as well.","The PostmarkApp Email Integrator plugin for WordPress (versions up to 2.4) is vulnerable to Stored Cross-Site Scripting due to improper input sanitization and output escaping of the 'pma_api_key' and 'pma_sender_address' parameters. Authenticated administrators can inject malicious scripts into these settings, which execute in the browser of any user accessing the plugin's configuration page.","\u002F\u002F Inferred vulnerability in settings storage (likely in an admin_init hook or settings form handler)\nupdate_option('pma_api_key', $_POST['pma_api_key']);\nupdate_option('pma_sender_address', $_POST['pma_sender_address']);\n\n---\n\n\u002F\u002F Inferred vulnerability in settings display (admin settings page template)\n$api_key = get_option('pma_api_key');\n$sender_address = get_option('pma_sender_address');\n?>\n\u003Cinput type=\"text\" name=\"pma_api_key\" value=\"\u003C?php echo $api_key; ?>\" \u002F>\n\u003Cinput type=\"text\" name=\"pma_sender_address\" value=\"\u003C?php echo $sender_address; ?>\" \u002F>","--- a\u002Fpostmarkapp-email-integrator.php\n+++ b\u002Fpostmarkapp-email-integrator.php\n@@ -10,8 +10,8 @@\n-update_option('pma_api_key', $_POST['pma_api_key']);\n-update_option('pma_sender_address', $_POST['pma_sender_address']);\n+update_option('pma_api_key', sanitize_text_field($_POST['pma_api_key']));\n+update_option('pma_sender_address', sanitize_email($_POST['pma_sender_address']));\n \n@@ -25,2 +25,2 @@\n- \u003Cinput type=\"text\" name=\"pma_api_key\" value=\"\u003C?php echo $api_key; ?>\" \u002F>\n- \u003Cinput type=\"text\" name=\"pma_sender_address\" value=\"\u003C?php echo $sender_address; ?>\" \u002F>\n+ \u003Cinput type=\"text\" name=\"pma_api_key\" value=\"\u003C?php echo esc_attr($api_key); ?>\" \u002F>\n+ \u003Cinput type=\"text\" name=\"pma_sender_address\" value=\"\u003C?php echo esc_attr($sender_address); ?>\" \u002F>","1. Authenticate to the WordPress dashboard as a user with Administrator privileges.\n2. Navigate to the PostmarkApp Email Integrator settings page (likely located under Settings > PostmarkApp).\n3. Capture the nonce required for settings updates (e.g., from the '_wpnonce' hidden input field).\n4. Send a POST request to \u002Fwp-admin\u002Foptions.php (if using the Settings API) or the plugin's own settings handler. \n5. Include a payload in the 'pma_api_key' or 'pma_sender_address' parameters designed to break out of an HTML attribute, such as: \">\u003Cscript>alert(document.domain)\u003C\u002Fscript>.\n6. The script will be stored in the 'wp_options' table. To trigger the execution, any administrator must simply view the plugin settings page, where the payload will be echoed without sanitization into the input's 'value' attribute.","gemini-3-flash-preview","2026-04-19 03:18:49","2026-04-19 03:19:07",{"id":60,"url_slug":61,"title":62,"description":63,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":6,"severity":41,"cvss_score":64,"cvss_vector":65,"vuln_type":66,"published_date":67,"updated_date":68,"references":69,"days_to_patch":71,"patch_diff_files":72,"patch_trac_url":39,"research_status":39,"research_verified":50,"research_rounds_completed":73,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":50,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-31576","postmarkapp-email-integrator-missing-authorization","PostmarkApp Email Integrator \u003C= 2.4 - Missing Authorization","The PostmarkApp Email Integrator plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-03-31 00:00:00","2026-04-15 13:28:05",[70],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0a652464-73b7-4189-be80-2ee12fa25868?source=api-prod",381,[],0,{"id":75,"url_slug":76,"title":77,"description":78,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":6,"severity":41,"cvss_score":64,"cvss_vector":79,"vuln_type":80,"published_date":67,"updated_date":81,"references":82,"days_to_patch":71,"patch_diff_files":84,"patch_trac_url":39,"research_status":39,"research_verified":50,"research_rounds_completed":73,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":50,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-31617","postmarkapp-email-integrator-cross-site-request-forgery-to-stored-cross-site-scripting","PostmarkApp Email Integrator \u003C= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2026-04-15 13:27:45",[83],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffd25b485-1355-4654-a75f-ec2334ba34de?source=api-prod",[],{"slug":86,"display_name":7,"profile_url":8,"plugin_count":87,"total_installs":88,"avg_security_score":89,"avg_patch_time_days":71,"trust_score":90,"computed_at":91},"gagan0123",10,65530,97,77,"2026-05-20T02:07:06.466Z",[93,113,135,153,176],{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":103,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":110,"download_link":111,"security_score":112,"vuln_count":73,"unpatched_count":73,"last_vuln_date":39,"fetched_at":31},"postmark-approved-wordpress-plugin","ActiveCampaign Postmark for WordPress","1.19.1","alexknowshtml","https:\u002F\u002Fprofiles.wordpress.org\u002Falexknowshtml\u002F","\u003Cp>If you’re still sending email with default SMTP, you’re blind to delivery problems! ActiveCampaign Postmark for WordPress enables sites of any size to deliver and track WordPress notification emails reliably, with minimal setup time and zero maintenance.\u003C\u002Fp>\n\u003Cp>If you don’t already have a Postmark account, you can get one in minutes, sign up at https:\u002F\u002Fpostmarkapp.com\u003C\u002Fp>\n\u003Cp>Check out our video on how to set up the Postmark for WordPress plugin \u003Ca href=\"https:\u002F\u002Fpostmarkapp.com\u002Fwebinars\u002Fpostmark-wordpress\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Additional Resources\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpostmarkapp.com\u002Fsupport\u002Farticle\u002F1138-postmark-for-wordpress-faq\" rel=\"nofollow ugc\">Postmark for WordPress FAQ\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpostmarkapp.com\u002Fsupport\u002Farticle\u002F1129-can-i-use-the-postmark-for-wordpress-plugin-with-gravity-forms\" rel=\"nofollow ugc\">Can I use the Postmark for WordPress plugin with Gravity Forms?\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpostmarkapp.com\u002Fsupport\u002Farticle\u002F1047-how-do-i-send-with-ninja-forms-and-postmark-for-wordpress\" rel=\"nofollow ugc\">How do I send with Ninja Forms and Postmark for WordPress?\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpostmarkapp.com\u002Fsupport\u002Farticle\u002F1072-how-do-i-send-with-contact-form-7-and-postmark-for-wordpress\" rel=\"nofollow ugc\">How do I send with Contact Form 7 and Postmark for WordPress?\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpostmarkapp.com\u002Fsupport\u002Farticle\u002F1128-can-i-use-the-postmark-for-wordpress-plugin-with-divi-contact-forms\" rel=\"nofollow ugc\">Can I use the Postmark for WordPress plugin with Divi contact forms?\u003C\u002Fa>\u003C\u002Fp>\n","The officially-supported ActiveCampaign Postmark plugin for Wordpress.",50000,764782,94,30,"2024-11-18T20:01:00.000Z","6.7.5","5.3","7.0",[20,21,22,23,24],"https:\u002F\u002Fpostmarkapp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpostmark-approved-wordpress-plugin.1.19.1.zip",92,{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":13,"num_ratings":123,"last_updated":124,"tested_up_to":16,"requires_at_least":125,"requires_php":126,"tags":127,"homepage":130,"download_link":131,"security_score":132,"vuln_count":133,"unpatched_count":73,"last_vuln_date":134,"fetched_at":31},"smtp2go","SMTP2GO for WordPress – Email Made Easy","1.14.1","SMTP2GO","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmtp2go\u002F","\u003Cp>SMTP2GO’s WordPress plugin replaces the default built in wp_mail() functionality (phpmailer) and sends your email via SMTP2GO’s API and industry leading email delivery platform.\u003C\u002Fp>\n\u003Cp>SMTP2GO provides valuable insights into every aspect of your email’s life cycle, enabling you to track delivery rates, opens, clicks, and bounce rates. Whether your email is transactional, marketing, newsletter, contact form, or notification – we have got you covered.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>The main benefits of using the official SMTP2GO plugin:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>We have made our plugin as easy and low maintenance as possible – you can set it up in under ten minutes.\u003C\u002Fli>\n\u003Cli>Take over from the default WordPress email system for more reliable delivery – you can be confident your emails have arrived at their destination inbox successfully.\u003C\u002Fli>\n\u003Cli>Get access to our intuitive real-time reporting tools. You can uncover what is going on behind the scenes with delivery, open rates, click rates, bounce, and unsubscription reports.\u003C\u002Fli>\n\u003Cli>We offer secure worldwide servers with intelligent routing for network redundancy and speedy delivery.\u003C\u002Fli>\n\u003Cli>We handle SPF and DKIM on your behalf. SMTP2GO can even turn your “http” links into “https”.\u003C\u002Fli>\n\u003Cli>Diagnose and resolve delivery issues with our insightful reporting page, or reach out to our award-winning support team who are available almost 24\u002F7 to help address problems in a timely, friendly fashion.\u003C\u002Fli>\n\u003Cli>We have a dedicated Review team who constantly monitor the reputations of our IP’s and we proactively alert members to any suspicious changes in their email regimen.\u003C\u002Fli>\n\u003Cli>Avoid poor reputation and throttling or limitations from over-used shared web hosts and other providers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.smtp2go.com\u002F\" rel=\"nofollow ugc\">Sign up here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>If you have questions or need assistance then feel free to contact the support team by logging into your \u003Ca href=\"https:\u002F\u002Fapp.smtp2go.com\" rel=\"nofollow ugc\">SMTP2GO dashboard\u003C\u002Fa> and clicking the support icon on the top right navigation bar.\u003C\u002Fp>\n\u003Cp>More information on this plugin is available in our \u003Ca href=\"https:\u002F\u002Fsupport.smtp2go.com\u002Fhc\u002Fen-gb\u002Farticles\u002F900000195666-SMTP2GO-WordPress-Plugin\" rel=\"nofollow ugc\">knowledgebase\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>About SMTP2GO\u003C\u002Fh3>\n\u003Cp>Founded in 2006, SMTP2GO is a fast and scalable world class email service provider for sending transactional and marketing emails. It is developed and supported by a team of delivery experts at the forefront of the email industry, providing a reliable SMTP solution for over 35,000 businesses.\u003C\u002Fp>\n\u003Cp>Complexities such as reputation monitoring, SPF and DKIM are professionally managed for each customer. Native-English speaking support is available worldwide (agents in the USA, EU, UK, Australia, and New Zealand).\u003C\u002Fp>\n\u003Cp>Our data centers are located around the world, meaning lightning-fast connection speeds, network redundancy, and GDPR compliance.\u003C\u002Fp>\n","Resolve email delivery issues, increase inbox placement, track sent email, get 24\u002F7 support, and real-time reporting.",30000,339758,65,"2026-03-04T01:49:00.000Z","6.2","7.4",[128,20,129,23,24],"delivery","inbox","https:\u002F\u002Fgithub.com\u002Fthefold\u002Fsmtp2go-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmtp2go.1.14.1.zip",98,2,"2025-07-16 00:00:00",{"slug":136,"name":137,"version":107,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":142,"downloaded":143,"rating":132,"num_ratings":144,"last_updated":145,"tested_up_to":16,"requires_at_least":17,"requires_php":126,"tags":146,"homepage":149,"download_link":150,"security_score":151,"vuln_count":29,"unpatched_count":73,"last_vuln_date":152,"fetched_at":31},"wpo365-msgraphmailer","WPO365 | MICROSOFT 365 GRAPH MAILER","Marco van Wieren","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpo365\u002F","\u003Cp>\u003Cstrong>WPO365 | MS GRAPH MAILER\u003C\u002Fstrong> provides you with a modern, reliable and efficient way to send WordPress transactional emails from one of your Microsoft 365 \u002F Exchange Online \u002F Mail enabled accounts.\u003C\u002Fp>\n\u003Cp>The plugin re-configures your WordPress website to send emails using the \u003Cstrong>Microsoft Graph API\u003C\u002Fstrong> instead of – for example – SMTP. Sending WordPress emails using the \u003Cstrong>Microsoft Graph API\u003C\u002Fstrong> has become the only available alternative after Microsoft has disabled basic authentication (username and password) over the SMTP protocol.\u003C\u002Fp>\n\u003Ch4>DELIVERY\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send WordPress transactional emails from one of your \u003Cstrong>Microsoft 365 Exchange Online \u002F Mail enabled accounts\u003C\u002Fstrong> using Microsoft Graph instead of – for example – SMTP.\u003C\u002Fli>\n\u003Cli>Choose between delegated (send mail as a user) and application-level (send mail as any user) type permissions.\u003C\u002Fli>\n\u003Cli>Or: Select either a Microsoft 365 account or a personal Microsoft account, like Hotmail.com or Outlook.com, to send WordPress emails.\u003C\u002Fli>\n\u003Cli>Or: Configure \u003Ca href=\"https:\u002F\u002Flearn.microsoft.com\u002Fen-us\u002FExchange\u002Fpermissions-exo\u002Fapplication-rbac\" rel=\"nofollow ugc\">RBAC for Exchange Online\u003C\u002Fa> and authorize as an application but with a limited scope e.g. one specific mailbox.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SEND AS HTML\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send emails formatted as \u003Cstrong>HTML\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SAVE TO SENT ITEMS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Emails sent will be saved in the account’s mailbox in the \u003Cstrong>Sent Items\u003C\u002Fstrong> folder, further helping to track (successful) mail delivery.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>ATTACHMENTS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send files from your WordPress website as \u003Cem>attachments\u003C\u002Fem>. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WPO365 INSIGHTS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>See what matters, when it happens\u003C\u002Fstrong> Track key WPO365 events like sent emails with WPO365 Insights \u003Ca href=\"https:\u002F\u002Fdocs.wpo365.com\u002Farticle\u002F210-wpo365-insights\" rel=\"nofollow ugc\">more\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CONFIGURATION \u002F TEST EMAIL DELIVERY\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy configuration with detailed step-by-step \u003Ca href=\"https:\u002F\u002Fdocs.wpo365.com\u002Farticle\u002F141-send-email-using-microsoft-graph-mailer\" rel=\"nofollow ugc\">Getting started\u003C\u002Fa> guide and video.\u003C\u002Fli>\n\u003Cli>Send \u003Cem>test email\u003C\u002Fem> to recipients incl. CC, BCC and attachment.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F1CK7Fl8f8iA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>ADD FUNCTIONALITY WITH PREMIUM EXTENSIONS\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The following features can be unlocked with the \u003Ca href=\"https:\u002F\u002Fwww.wpo365.com\u002Fdownloads\u002Fwpo365-mail\u002F\" rel=\"nofollow ugc\">WPO365 | MAIL\u003C\u002Fa> extension.\u003C\u002Fp>\n\u003Ch4>WPO365 INSIGHTS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Get \u003Cstrong>WPO35 Alerts\u003C\u002Fstrong> in your inbox when email delivery is failing \u003Ca href=\"https:\u002F\u002Fdocs.wpo365.com\u002Farticle\u002F210-wpo365-insights\" rel=\"nofollow ugc\">more\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Auto-Retry\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Log every email\u003C\u002Fstrong> sent from your WordPress website, review errors and (automatically) try to send unsuccessfully \u003Cstrong>sent mails again\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LARGE ATTACHMENTS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add support to send WordPress emails with \u003Cstrong>attachments larger than 3 MB\u003C\u002Fstrong> using Microsoft Graph.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SEND AS \u002F SEND ON BEHALF OF\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send email \u003Cstrong>as \u002F on behalf of\u003C\u002Fstrong> another user or distribution list.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SHARED MAILBOX\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send email from \u003Cstrong>Microsoft 365 Shared Mailbox\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>STAGING MODE\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mail Staging Mode\u003C\u002Fstrong> is useful for debugging and staging environments. WordPress emails will be logged and saved in the database instead of being sent.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>DYNAMIC SEND-FROM\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Allow forms to \u003Cstrong>override “From”\u003C\u002Fstrong> address e.g allow Contact Form 7 to dynamically configure the account used to send the email from (requires application-level Mail.Send permissions).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>MAIL THROTTLE\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Throttle\u003C\u002Fstrong> the number of emails sent from your website per minute.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WP-CONFIG FOR AAD SECRETS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Further improve overall security by choosing to store Azure Active Directory secrets in your WordPress WP-Config.php (on disk) and have those secrets removed from the database.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SEND AS BCC\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send emails \u003Cstrong>as BCC\u003C\u002Fstrong> instead and prevent reply-to-all mail pollution.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>REPLY-TO\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Configure a \u003Cstrong>default reply-to\u003C\u002Fstrong> mail address if this should differ from the account’s mail address that is used to send WordPress transactional emails from.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Prerequisites\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>We have tested our plugin with WordPress >= 5.0 and PHP >= 5.6.40.\u003C\u002Fli>\n\u003Cli>You need to be an Entra ID Tenant Administrator to configure both Azure Active Directory and the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>We will go to great length trying to support you if the plugin doesn’t work as expected. Go to our \u003Ca href=\"https:\u002F\u002Fwww.wpo365.com\u002Fhow-to-get-support\u002F\" rel=\"nofollow ugc\">Support Page\u003C\u002Fa> to get in touch with us. We haven’t been able to test our plugin in all endless possible WordPress configurations and versions so we are keen to hear from you and happy to learn!\u003C\u002Fp>\n\u003Ch3>Feedback\u003C\u002Fh3>\n\u003Cp>We are keen to hear from you so share your feedback with us on \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fdownloads-by-van-wieren\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa> and help us get better!\u003C\u002Fp>\n\u003Ch3>Open Source\u003C\u002Fh3>\n\u003Cp>When you’re a developer and interested in the code you should have a look at our repo over at \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpo365-msgraphmailer\u002F\" rel=\"nofollow ugc\">WordPress\u003C\u002Fa>.\u003C\u002Fp>\n","Send WordPress emails from a M365 \u002F Exchange Online Mailbox using Microsoft Graph, leveraging OAuth for authentication which is more secure than SMTP",10000,200885,37,"2026-04-13T21:22:00.000Z",[20,147,148,23,24],"microsoft","phpmailer","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpo365-msgraphmailer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpo365-msgraphmailer.5.3.zip",99,"2025-02-23 22:53:02",{"slug":154,"name":155,"version":156,"author":157,"author_profile":158,"description":159,"short_description":160,"active_installs":142,"downloaded":161,"rating":132,"num_ratings":162,"last_updated":163,"tested_up_to":16,"requires_at_least":164,"requires_php":165,"tags":166,"homepage":171,"download_link":172,"security_score":173,"vuln_count":174,"unpatched_count":73,"last_vuln_date":175,"fetched_at":31},"yaysmtp","YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service","2.7.4","YayCommerce","https:\u002F\u002Fprofiles.wordpress.org\u002Fyaycommerce\u002F","\u003Cp>Easily send emails from your WordPress site using your preferred SMTP server. With YaySMTP, enjoy \u003Cstrong>unlimited email logging\u003C\u002Fstrong>, effortless migration from your previous SMTP plugin, and \u003Cstrong>tracking opened and clicked emails\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.yaycommerce.com\u002Fyaysmtp\u002Femail-log\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fyaysmtp-wordpress-mail-smtp\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Get YaySMTP Pro\u003C\u002Fstrong>\u003C\u002Fa> 🏆\u003C\u002Fp>\n\u003Ch3>⚡️ FEATURES\u003C\u002Fh3>\n\u003Cp>YaySMTP has powerful options to connect via API of popular sending services, including Gmail SMTP, Sendinblue SMTP, Zoho SMTP, SendGrid SMTP, and so on.\u003C\u002Fp>\n\u003Cp>3 steps to set up YaySMTP that lets you start sending emails in minutes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fill in the sender ‘From’ name and email address\u003C\u002Fli>\n\u003Cli>Choose an email SMTP service provider as your mailer\u003C\u002Fli>\n\u003Cli>Config settings with built-in fields\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Whether you’re selling via your WooCommerce website or not, you should ensure your email notifications make it to your audience inboxes. Communication should not end up in spam folders or get lost on the way.\u003C\u002Fp>\n\u003Cp>Setting up your WordPress site to use a WP SMTP mailer helps you send through without paying for regular technical maintenance. 🙌\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJ6crljFKwVA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>🚀 MORE BENEFITS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Seamless connection\u003C\u002Fstrong>: YaySMTP works with your hosting’s email server and dedicated SMTP service providers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Send test email\u003C\u002Fstrong>: Quickly send a test email in a single click. Or you can send test and \u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fhow-to-preview-and-test-your-woocommerce-emails\u002F\" rel=\"nofollow ugc\">preview WooCommerce order emails\u003C\u002Fa> as well.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full email log\u003C\u002Fstrong>: Keep all email logs with email content and metadata in basic or full information. You can filter, show\u002Fhide columns, and search by email subject, user email, etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatically delete email logs\u003C\u002Fstrong>: You can keep logging emails forever or have your email log retained within the latest 7 – 365 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export\u002FImport email log\u003C\u002Fstrong>: Easily save a backup of your sent-out emails as CSV in case you need to refer to it later.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One click to migrate\u003C\u002Fstrong>: Import your server’s API key and settings from other WP SMTP plugins, including Easy WP SMTP, WP Mail SMTP Pro, SMTP Mailer, WP SMTP, Mail Bank, and more \u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">upon request\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import email logs\u003C\u002Fstrong>: Migrate email logs from other WP SMTP plugins to ensure a complete record on your new \u003Ca href=\"https:\u002F\u002Fdocs.yaycommerce.com\u002Fyaysmtp\u002Fsettings-and-tools\u002Fview-email-log\" rel=\"nofollow ugc\">email logging page\u003C\u002Fa> of YaySMTP.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fallback mailer\u003C\u002Fstrong>: Pick an alternative email sender or relay server with full options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable email delivery\u003C\u002Fstrong>: In the development local mode or maintenance stage, you can record email logs as if they are sent. This is helpful for testing purposes without consuming your sending volumes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Top-notch design\u003C\u002Fstrong>: Built with quality code and clean UI\u002FUX (your clients will love it!).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ecommerce optimized\u003C\u002Fstrong>: You can send WooCommerce transactional emails and also marketing campaigns.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🎉 Supported Themes and Plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Complete compatibility with all themes, page builders and major plugins.\u003C\u002Fli>\n\u003Cli>Perfect with \u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fyaymail-woocommerce-email-customizer\u002F\" rel=\"nofollow ugc\">WooCommerce Email Customizer\u003C\u002Fa> plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>💪 Mailer\u003C\u002Fh3>\n\u003Cp>YaySMTP – WP SMTP Plugin allows you to freely integrate the following email SMTP services:\u003C\u002Fp>\n\u003Col>\n\u003Cli>SendGrid \u003C\u002Fli>\n\u003Cli>Gmail SMTP server\u003C\u002Fli>\n\u003Cli>Zoho\u003C\u002Fli>\n\u003Cli>Brevo (formerly Sendinblue SMTP)\u003C\u002Fli>\n\u003Cli>Mailgun\u003C\u002Fli>\n\u003Cli>SMTP.com \u003C\u002Fli>\n\u003Cli>Amazon SES\u003C\u002Fli>\n\u003Cli>Postmark\u003C\u002Fli>\n\u003Cli>MailJet\u003C\u002Fli>\n\u003Cli>MessageBird (formely Sparkpost)\u003C\u002Fli>\n\u003Cli>Pepipost\u003C\u002Fli>\n\u003Cli>SendPulse\u003C\u002Fli>\n\u003Cli>Microsoft Outlook, Office 365, Microsoft Exchange Online\u003C\u002Fli>\n\u003Cli>Mandrill SMTP by Mailchimp\u003C\u002Fli>\n\u003Cli>Yournotify\u003C\u002Fli>\n\u003Cli>IONOS\u003C\u002Fli>\n\u003Cli>Your hosting’s email server\u003C\u002Fli>\n\u003Cli>And more! \u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Contact us\u003C\u002Fa> to suggest your favorite mailer\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>🎯 Why use YaySMTP?\u003C\u002Fh3>\n\u003Cp>Customers who buy products from your website expect regular updates and follow-ups. That’s why timely communication is crucial to your business.\u003C\u002Fp>\n\u003Cp>Sending follow-up WordPress emails on time can bring customers back while building trust and brand value.\u003C\u002Fp>\n\u003Ch3>📝 Documentation and Support\u003C\u002Fh3>\n\u003Cp>If you’re having issues, do let us know, and we’ll be \u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">happy to help\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>♥️ Like this YaySMTP Plugin?\u003C\u002Fh3>\n\u003Cp>👉 Rate us 5 stars on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fyaysmtp\u002Freviews\u002F#new-post\" rel=\"ugc\">WordPress.org\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>✅ Check out our best-selling WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fyaymail-woocommerce-email-customizer\u002F\" rel=\"nofollow ugc\">YayMail – WooCommerce Email Customizer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fyaymail-addons\u002F\" rel=\"nofollow ugc\">Email Customizer Addons\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fyaycurrency-woocommerce-multi-currency-switcher\u002F\" rel=\"nofollow ugc\">YayCurrency – WooCommerce Multi-Currency Switcher\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fyaypricing-woocommerce-dynamic-pricing-and-discounts\u002F\" rel=\"nofollow ugc\">YayPricing – WooCommerce Dynamic Pricing And Discounts\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fyayextra-woocommerce-extra-product-options\u002F\" rel=\"nofollow ugc\">YayExtra – WooCommerce Extra Product Options\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fyayswatches-variation-swatches-for-woocommerce\u002F\" rel=\"nofollow ugc\">YaySwatches – Variation Swatches for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>✅ Plugins to boost conversions and increase AOV in WooCommerce:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fyayreviews-advanced-customer-reviews-for-woocommerce\u002F\" rel=\"nofollow ugc\">YayReviews – Advanced Customer Reviews with AI Summary\u003C\u002Fa> ✨\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fyayboost-sales-booster-for-woocommerce\u002F\" rel=\"nofollow ugc\">YayBoost – Sales Booster for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyaycommerce.com\u002Fyay-wholesale-b2b-for-woocommerce\u002F\" rel=\"nofollow ugc\">Yay Wholesale B2B\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Send WordPress emails successfully with WP Mail SMTP via your favorite mailer",246937,43,"2026-03-30T12:59:00.000Z","5.5","5.4",[167,168,23,169,170],"email-log","gmail-smtp","wp-mail-smtp","wp-mail","https:\u002F\u002Fyaycommerce.com\u002Fyaysmtp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyaysmtp.2.7.4.zip",90,8,"2025-06-27 00:00:00",{"slug":177,"name":178,"version":179,"author":180,"author_profile":181,"description":182,"short_description":183,"active_installs":184,"downloaded":185,"rating":186,"num_ratings":187,"last_updated":188,"tested_up_to":16,"requires_at_least":189,"requires_php":18,"tags":190,"homepage":18,"download_link":193,"security_score":151,"vuln_count":133,"unpatched_count":73,"last_vuln_date":194,"fetched_at":31},"welcome-email-editor","Swift SMTP (formerly Welcome Email Editor)","6.3","David Vongries","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidvongries\u002F","\u003Cp>\u003Cstrong>Swift SMTP\u003C\u002Fstrong> is a free & simple SMTP Plugin for WordPress.\u003C\u002Fp>\n\u003Cp>Struggeling with emails not being delivered from your WordPress website? Look no further.\u003C\u002Fp>\n\u003Ch4>📤 Custom SMTP Settings\u003C\u002Fh4>\n\u003Cp>Swift SMTP allows you to configure custom SMTP settings for your WordPress site, ensuring more reliable sending and delivery through your preferred service.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set “From” email address\u003C\u002Fli>\n\u003Cli>Set “From” name\u003C\u002Fli>\n\u003Cli>Define email content type (HTML or plain text)\u003C\u002Fli>\n\u003Cli>Set SMTP host\u003C\u002Fli>\n\u003Cli>Set up SMTP encryption & port (SSL or TSL)\u003C\u002Fli>\n\u003Cli>Set up SMTP authentification through username & password\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>💾 Email Logging (New!)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Log all outgoing emails\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>📨 Customize WordPress Welcome Emails\u003C\u002Fh4>\n\u003Cp>When a user is added to or signs up for a website, WordPress sends notifications to both the site administrator and the new user. This plugin allows you to customize & change those emails.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change email subject\u003C\u002Fli>\n\u003Cli>Change email content\u003C\u002Fli>\n\u003Cli>Add an attachment\u003C\u002Fli>\n\u003Cli>Change “Reply-To” email address & name\u003C\u002Fli>\n\u003Cli>& more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔐 Change WordPress Reset Password Email\u003C\u002Fh4>\n\u003Cp>Swift SMTP also lets you customize the default \u003Cstrong>Forgot Password\u003C\u002Fstrong> email in WordPress.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change email subject\u003C\u002Fli>\n\u003Cli>Change email content\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What’s next?\u003C\u002Fh4>\n\u003Cp>If you like Swift SMTP, make sure to check out our other products:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fultimatedashboard.io\u002F?utm_source=weed&utm_medium=repository&utm_campaign=udb\" rel=\"nofollow ugc\">Ultimate Dashboard\u003C\u002Fa>\u003C\u002Fstrong> – The #1 WordPress plugin to customize your WordPress dashboard and admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwp-pagebuilderframework.com\u002F?utm_source=weed&utm_medium=repository&utm_campaign=wpbf\" rel=\"nofollow ugc\">Page Builder Framework\u003C\u002Fa>\u003C\u002Fstrong> – A fast & minimalistic WordPress theme designed for the new WordPress era.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fbetteradminbar.com\u002F?utm_source=weed&utm_medium=repository&utm_campaign=bab\" rel=\"nofollow ugc\">Better Admin Bar\u003C\u002Fa>\u003C\u002Fstrong> – The plugin to make your clients enjoy WordPress. It replaces the default admin bar to provide the best possible user experience when editing & navigating a website.\u003C\u002Fli>\n\u003C\u002Ful>\n","Swift SMTP is a free & simple SMTP Plugin for WordPress.",8000,340565,84,68,"2025-12-01T13:45:00.000Z","4.6",[191,23,177,192,169],"custom-smtp","wordpress-email","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwelcome-email-editor.6.3.zip","2024-01-08 00:00:00",{"attackSurface":196,"codeSignals":238,"taintFlows":246,"riskAssessment":291,"analyzedAt":299},{"hooks":197,"ajaxHandlers":225,"restRoutes":235,"shortcodes":236,"cronEvents":237,"entryPointCount":133,"unprotectedCount":73},[198,204,209,213,217,221],{"type":199,"name":200,"callback":201,"file":202,"line":203},"action","admin_menu","postmarkapp_admin_menu","postmarkapp.php",26,{"type":205,"name":206,"callback":207,"priority":87,"file":202,"line":208},"filter","plugin_action_links","postmarkapp_admin_action_links",80,{"type":199,"name":210,"callback":211,"file":202,"line":212},"admin_enqueue_scripts","postmarkapp_admin_enqueue_scripts",109,{"type":205,"name":214,"callback":215,"file":202,"line":216},"http_request_timeout","postmarkapp_filter_http_request_timeout",546,{"type":199,"name":218,"callback":219,"file":202,"line":220},"postmarkapp_before_wp_mail","postmarkapp_add_timeout_filter",549,{"type":199,"name":222,"callback":223,"file":202,"line":224},"postmarkapp_after_wp_mail","postmarkapp_remove_timeout_filter",559,[226,231],{"action":227,"nopriv":50,"callback":228,"hasNonce":229,"hasCapCheck":229,"file":202,"line":230},"postmarkapp_admin_test","postmarkapp_admin_test_ajax",true,250,{"action":232,"nopriv":50,"callback":233,"hasNonce":229,"hasCapCheck":229,"file":202,"line":234},"postmarkapp_import_settings","postmarkapp_admin_import_settings",576,[],[],[],{"dangerousFunctions":239,"sqlUsage":240,"outputEscaping":242,"fileOperations":73,"externalRequests":29,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":245},[],{"prepared":73,"raw":73,"locations":241},[],{"escaped":243,"rawEcho":73,"locations":244},52,[],[],[247,265,278],{"entryPoint":248,"graph":249,"unsanitizedCount":73,"severity":264},"postmarkapp_admin_options (postmarkapp.php:114)",{"nodes":250,"edges":262},[251,256],{"id":252,"type":253,"label":254,"file":202,"line":255},"n0","source","$_POST (x5)",127,{"id":257,"type":258,"label":259,"file":202,"line":260,"wp_function":261},"n1","sink","update_option() [Settings Manipulation]",143,"update_option",[263],{"from":252,"to":257,"sanitized":229},"low",{"entryPoint":266,"graph":267,"unsanitizedCount":73,"severity":264},"postmarkapp_admin_test_ajax (postmarkapp.php:255)",{"nodes":268,"edges":276},[269,272],{"id":252,"type":253,"label":270,"file":202,"line":271},"$_POST",267,{"id":257,"type":258,"label":273,"file":202,"line":274,"wp_function":275},"echo() [XSS]",269,"echo",[277],{"from":252,"to":257,"sanitized":229},{"entryPoint":279,"graph":280,"unsanitizedCount":73,"severity":264},"\u003Cpostmarkapp> (postmarkapp.php:0)",{"nodes":281,"edges":288},[282,283,284,286],{"id":252,"type":253,"label":254,"file":202,"line":255},{"id":257,"type":258,"label":259,"file":202,"line":260,"wp_function":261},{"id":285,"type":253,"label":270,"file":202,"line":271},"n2",{"id":287,"type":258,"label":273,"file":202,"line":274,"wp_function":275},"n3",[289,290],{"from":252,"to":257,"sanitized":229},{"from":285,"to":287,"sanitized":229},{"summary":292,"deductions":293},"The \"postmarkapp-email-integrator\" plugin v2.5.0 exhibits a mixed security posture. On the positive side, the static analysis reveals strong adherence to secure coding practices, with 100% of SQL queries using prepared statements and all output being properly escaped. The absence of dangerous functions, file operations, and unsanitized taint flows is also commendable. Furthermore, all identified entry points (AJAX handlers) appear to have nonce and capability checks, indicating good authorization practices.\n\nHowever, significant concerns arise from the plugin's vulnerability history. With a total of three known CVEs, and one still unpatched, this indicates a pattern of security weaknesses. The previous vulnerabilities being of medium severity and involving Cross-Site Scripting (XSS), Missing Authorization, and Cross-Site Request Forgery (CSRF) suggest recurring issues that the developers have not fully remediated. The existence of an unpatched CVE is a critical risk, as it leaves the plugin and potentially the entire WordPress site vulnerable to known exploits.\n\nIn conclusion, while the current version of the plugin demonstrates improved coding hygiene in areas like SQL and output handling, the persistent presence of unpatched vulnerabilities and a history of common security flaws overshadows these strengths. The single unpatched CVE represents a significant immediate threat that must be addressed. Continued vigilance and prompt patching of all discovered vulnerabilities are crucial for this plugin's security.",[294,297],{"reason":295,"points":296},"Unpatched CVE present",15,{"reason":298,"points":87},"History of medium severity CVEs","2026-04-16T11:06:17.438Z",{"wat":301,"direct":308},{"assetPaths":302,"generatorPatterns":304,"scriptPaths":305,"versionParams":306},[303],"\u002Fwp-content\u002Fplugins\u002Fpostmarkapp-email-integrator\u002Fjs\u002Fpma-admin.js",[],[303],[307],"postmarkapp-email-integrator\u002Fjs\u002Fpma-admin.js?ver=2.5.0",{"cssClasses":309,"htmlComments":310,"htmlAttributes":311,"restEndpoints":323,"jsGlobals":324,"shortcodeOutput":326},[],[],[312,313,314,315,316,317,318,319,320,321,322],"id=\"pma_enabled\"","id=\"pma_api_key\"","id=\"pma_sender_address\"","id=\"pma_forcehtml\"","id=\"pma_trackopens\"","name=\"pma_enabled\"","name=\"pma_api_key\"","name=\"pma_sender_address\"","name=\"pma_forcehtml\"","name=\"pma_trackopens\"","name=\"pma_settings_nonce\"",[],[325],"pmaAdmin",[],{"error":229,"url":328,"statusCode":329,"statusMessage":330,"message":330},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fpostmarkapp-email-integrator\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":174,"versions":332},[333,339,349,359,369,379,389,399],{"version":6,"download_url":26,"svn_tag_url":334,"released_at":39,"has_diff":50,"diff_files_changed":335,"diff_lines":39,"trac_diff_url":336,"vulnerabilities":337,"is_current":229},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpostmarkapp-email-integrator\u002Ftags\u002F2.5.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpostmarkapp-email-integrator%2Ftags%2F2.4&new_path=%2Fpostmarkapp-email-integrator%2Ftags%2F2.5.0",[338],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"version":340,"download_url":341,"svn_tag_url":342,"released_at":39,"has_diff":50,"diff_files_changed":343,"diff_lines":39,"trac_diff_url":344,"vulnerabilities":345,"is_current":50},"2.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpostmarkapp-email-integrator.2.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpostmarkapp-email-integrator\u002Ftags\u002F2.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpostmarkapp-email-integrator%2Ftags%2F2.3&new_path=%2Fpostmarkapp-email-integrator%2Ftags%2F2.4",[346,347,348],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":64,"vuln_type":66,"patched_in_version":6},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":75,"url_slug":76,"title":77,"severity":41,"cvss_score":64,"vuln_type":80,"patched_in_version":6},{"version":350,"download_url":351,"svn_tag_url":352,"released_at":39,"has_diff":50,"diff_files_changed":353,"diff_lines":39,"trac_diff_url":354,"vulnerabilities":355,"is_current":50},"2.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpostmarkapp-email-integrator.2.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpostmarkapp-email-integrator\u002Ftags\u002F2.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpostmarkapp-email-integrator%2Ftags%2F2.2&new_path=%2Fpostmarkapp-email-integrator%2Ftags%2F2.3",[356,357,358],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":64,"vuln_type":66,"patched_in_version":6},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":75,"url_slug":76,"title":77,"severity":41,"cvss_score":64,"vuln_type":80,"patched_in_version":6},{"version":360,"download_url":361,"svn_tag_url":362,"released_at":39,"has_diff":50,"diff_files_changed":363,"diff_lines":39,"trac_diff_url":364,"vulnerabilities":365,"is_current":50},"2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpostmarkapp-email-integrator.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpostmarkapp-email-integrator\u002Ftags\u002F2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpostmarkapp-email-integrator%2Ftags%2F2.1&new_path=%2Fpostmarkapp-email-integrator%2Ftags%2F2.2",[366,367,368],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":64,"vuln_type":66,"patched_in_version":6},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":75,"url_slug":76,"title":77,"severity":41,"cvss_score":64,"vuln_type":80,"patched_in_version":6},{"version":370,"download_url":371,"svn_tag_url":372,"released_at":39,"has_diff":50,"diff_files_changed":373,"diff_lines":39,"trac_diff_url":374,"vulnerabilities":375,"is_current":50},"2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpostmarkapp-email-integrator.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpostmarkapp-email-integrator\u002Ftags\u002F2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpostmarkapp-email-integrator%2Ftags%2F2.0&new_path=%2Fpostmarkapp-email-integrator%2Ftags%2F2.1",[376,377,378],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":64,"vuln_type":66,"patched_in_version":6},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":75,"url_slug":76,"title":77,"severity":41,"cvss_score":64,"vuln_type":80,"patched_in_version":6},{"version":380,"download_url":381,"svn_tag_url":382,"released_at":39,"has_diff":50,"diff_files_changed":383,"diff_lines":39,"trac_diff_url":384,"vulnerabilities":385,"is_current":50},"2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpostmarkapp-email-integrator.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpostmarkapp-email-integrator\u002Ftags\u002F2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpostmarkapp-email-integrator%2Ftags%2F1.1&new_path=%2Fpostmarkapp-email-integrator%2Ftags%2F2.0",[386,387,388],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":64,"vuln_type":66,"patched_in_version":6},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":75,"url_slug":76,"title":77,"severity":41,"cvss_score":64,"vuln_type":80,"patched_in_version":6},{"version":390,"download_url":391,"svn_tag_url":392,"released_at":39,"has_diff":50,"diff_files_changed":393,"diff_lines":39,"trac_diff_url":394,"vulnerabilities":395,"is_current":50},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpostmarkapp-email-integrator.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpostmarkapp-email-integrator\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpostmarkapp-email-integrator%2Ftags%2F1.0&new_path=%2Fpostmarkapp-email-integrator%2Ftags%2F1.1",[396,397,398],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":64,"vuln_type":66,"patched_in_version":6},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":75,"url_slug":76,"title":77,"severity":41,"cvss_score":64,"vuln_type":80,"patched_in_version":6},{"version":400,"download_url":401,"svn_tag_url":402,"released_at":39,"has_diff":50,"diff_files_changed":403,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":404,"is_current":50},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpostmarkapp-email-integrator.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpostmarkapp-email-integrator\u002Ftags\u002F1.0\u002F",[],[405,406,407],{"id":60,"url_slug":61,"title":62,"severity":41,"cvss_score":64,"vuln_type":66,"patched_in_version":6},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":39},{"id":75,"url_slug":76,"title":77,"severity":41,"cvss_score":64,"vuln_type":80,"patched_in_version":6}]