[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQf570rnng4MDWU00o_dMAXwCFwWtx8oId7fiJDgeGQ8":3},{"slug":4,"name":5,"version":6,"author":5,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":56,"crawl_stats":36,"alternatives":62,"analysis":164,"fingerprints":341},"turbosmtp","turboSMTP","4.9.7","https:\u002F\u002Fprofiles.wordpress.org\u002Fturbosmtp\u002F","\u003Cp>turboSMTP’s official plugin for WordPress is a professional tool that delivers and tracks your transactional emails in real time. It will improve the deliverability of the emails sent from your wordpress cms.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Easy setup\u003C\u002Fstrong>: our plugin is ready to be used! It doesn’t need advanced configuration. No special skills required: just fill in sender’s credentials and you’re done.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Transactional emails\u003C\u002Fstrong>: the turboSMTP plugin can be used to deliver all the outgoing emails of the website working on behalf of the wp_mail() function. In fact, once activated, it will be automatically set as default. You don’t have to set anything! This way you’ll be able to deliver the email confirmation of your subscription form, the system notification and so on…\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>100% compatible\u003C\u002Fstrong>: turboSMTP plugin will take charge of important emails such as your WordPress system emails, Woocommerce plugin and security alert ones.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Reports\u003C\u002Fstrong>: your statistics are always under control thanks to the real time reports about clicks, opens, bounces and much more…\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Test email\u003C\u002Fstrong>: you can check the service status at anytime thanks to the test email feature\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Whitelisted servers\u003C\u002Fstrong>: the delivery of your emails is always fast and successful.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Languages\u003C\u002Fstrong>: the plugin is available in english and italian languages. Soon available the french and spanish ones.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily send emails from your WordPress website using turboSMTP's services",400,15004,88,8,"2025-12-02T10:09:00.000Z","6.9.4","6.0","",[19,20,21,22,4],"email","mailer","smtp","ssl","https:\u002F\u002Fwww.serversmtp.com\u002Fen\u002Fsmtp-wordpress-configure","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fturbosmtp.4.9.7.zip",99,2,0,"2025-01-14 00:00:00","2026-03-15T15:16:48.613Z",[31,47],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2025-22753","turbosmtp-reflected-cross-site-scripting","turboSMTP \u003C= 4.6 - Reflected Cross-Site Scripting","The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=4.6","4.7","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-01-22 20:35:52",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe031dbef-1f7a-4c17-803a-fd467978d7f3?source=api-prod",9,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":52,"updated_date":53,"references":54,"days_to_patch":26},"CVE-2024-12323","turbosmtp-reflected-cross-site-scripting-via-page","turboSMTP \u003C= 4.6 - Reflected Cross-Site Scripting via 'page'","The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link while logged in to turboSMTP.","2024-12-09 00:00:00","2024-12-10 14:28:14",[55],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcca9f71c-42e6-416f-94f2-cb79bbdfc69a?source=api-prod",{"slug":4,"display_name":5,"profile_url":7,"plugin_count":57,"total_installs":58,"avg_security_score":59,"avg_patch_time_days":60,"trust_score":59,"computed_at":61},3,510,100,6,"2026-04-05T22:17:53.286Z",[63,83,103,124,145],{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":26,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":17,"tags":77,"homepage":80,"download_link":81,"security_score":82,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"wp-smtp-config","WP SMTP Config","1.2.0","pCoLaSD","https:\u002F\u002Fprofiles.wordpress.org\u002Fpcolasd\u002F","\u003Cp>This plugin configures WordPress and WordPress MU to use a SMTP server when sending emails instead of the default PHP \u003Ccode>mail()\u003C\u002Fcode> function.\u003C\u002Fp>\n\u003Cp>You will configure your SMTP settings in your \u003Ccode>wp-config.php\u003C\u002Fcode> file instead of the settings page.\u003Cbr \u002F>\nThe advantage is that no admin of your blog can read the settings.\u003Cbr \u002F>\nAnd you only have to place your settings once in cases of a WordPress MU installation.\u003C\u002Fp>\n\u003Cp>A sample configuration:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F**\n * WordPress SMTP server\n *\u002F\ndefine('WP_SMTP_HOST',       'mail.example.com');\ndefine('WP_SMTP_PORT',       25);                                \u002F\u002F obligatory - default: 25\ndefine('WP_SMTP_ENCRYPTION', 'tls');                             \u002F\u002F obligatory ('tls' or 'ssl') - default: no encryption\ndefine('WP_SMTP_USER',       'username');                        \u002F\u002F obligatory - default: no user\ndefine('WP_SMTP_PASSWORD',   'password');                        \u002F\u002F obligatory - default: no password\ndefine('WP_SMTP_FROM',       'John Doe \u003Cjohn.doe@example.com>'); \u002F\u002F obligatory - default: no custom from address\ndefine('WP_SMTP_REPLYTO',    'Jane Doe \u003Cjane.doe@example.com>'); \u002F\u002F obligatory - default: no custom reply to address\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Configure an external SMTP server in your config file.",200,15671,60,"2018-11-12T07:52:00.000Z","4.9.29","3.0",[19,78,79,21,22],"mail","phpmailer","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-smtp-config\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-smtp-config.1.2.0.zip",85,{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":15,"requires_at_least":96,"requires_php":17,"tags":97,"homepage":98,"download_link":99,"security_score":100,"vuln_count":101,"unpatched_count":27,"last_vuln_date":102,"fetched_at":29},"smtp-mailer","SMTP Mailer","1.1.25","Noor Alam","https:\u002F\u002Fprofiles.wordpress.org\u002Fnaa986\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fsmtp-mailer-plugin-for-wordpress-1482\" rel=\"nofollow ugc\">SMTP Mailer\u003C\u002Fa> plugin allows you to configure a mail server which handles all outgoing email from your website. It takes control of the wp_mail function and use SMTP instead.\u003C\u002Fp>\n\u003Ch3>SMTP Mailer Add-ons\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fhow-to-add-a-reply-to-address-in-the-smtp-mailer-wordpress-plugin-6997\" rel=\"nofollow ugc\">Reply-To\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fsmtp-mailer-email-logger-7066\" rel=\"nofollow ugc\">Email Logger\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>SMTP Mailer Settings\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>SMTP Host\u003C\u002Fstrong>: Your outgoing mail server (e.g. smtp.gmail.com).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Authentication\u003C\u002Fstrong>: Whether to use SMTP authentication when sending an email (True\u002FFalse). If you choose to authenticate you will also need to provide your username and password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Username\u003C\u002Fstrong>: The username to connect to your SMTP server.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Password\u003C\u002Fstrong>: The password to connect to your SMTP server.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Type of Encryption\u003C\u002Fstrong>: The encryption to be used when sending an email (TLS\u002FSSL\u002FNo Encryption. TLS is recommended).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Port\u003C\u002Fstrong>: The port to be used when sending an email (587\u002F465\u002F25). If you choose TLS the port should be set to 587. For SSL use port 465 instead.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>From Email Address\u003C\u002Fstrong>: The email address to be used as the From Email when sending a test email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>From Name\u003C\u002Fstrong>: The name to be used as the From Name when sending a test email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Force From Name\u003C\u002Fstrong>: The From name in the settings is set for all outgoing email messages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Force From Email\u003C\u002Fstrong>: The From email in the settings is set for all outgoing email messages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Force From Address\u003C\u002Fstrong>: The From address in the settings is set for all outgoing email messages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable SSL Certificate Verification\u003C\u002Fstrong>: As of PHP 5.6 a warning\u002Ferror is shown if the SSL certificate on the server is not properly configured. This option lets you disable that behaviour.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>SMTP Mailer Test Email\u003C\u002Fh3>\n\u003Cp>Once you have configured the settings you can send a test email to check the functionality of the plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>To\u003C\u002Fstrong>: Email address of the recipient.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Subject\u003C\u002Fstrong>: Subject of the email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Message\u003C\u002Fstrong>: Email body.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Known Compatibility\u003C\u002Fh3>\n\u003Cp>SMTP Mailer should work with any plugin that uses the WordPress Mail function. However, It has been tested with the following form and contact form plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>Jetpack Contact Form\u003C\u002Fli>\n\u003Cli>Visual Form Builder\u003C\u002Fli>\n\u003Cli>Fast Secure Contact Form\u003C\u002Fli>\n\u003Cli>Formidable Forms\u003C\u002Fli>\n\u003Cli>Contact Form by BestWebSoft\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For detailed setup instructions please visit the \u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fsmtp-mailer-plugin-for-wordpress-1482\" rel=\"nofollow ugc\">SMTP Mailer\u003C\u002Fa> plugin page.\u003C\u002Fp>\n","Configure a SMTP server to send email from your WordPress site. Configure the wp_mail() function to use SMTP instead of the PHP mail() function.",70000,1380971,90,65,"2026-02-16T23:09:00.000Z","6.9",[19,78,79,21],"https:\u002F\u002Fwphowto.net\u002Fsmtp-mailer-plugin-for-wordpress-1482","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmtp-mailer.zip",97,1,"2026-03-20 00:00:00",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":113,"num_ratings":114,"last_updated":115,"tested_up_to":15,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":121,"download_link":122,"security_score":25,"vuln_count":101,"unpatched_count":27,"last_vuln_date":123,"fetched_at":29},"wpo365-msgraphmailer","WPO365 | MICROSOFT 365 GRAPH MAILER","4.2","Marco van Wieren","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpo365\u002F","\u003Cp>\u003Cstrong>WPO365 | MS GRAPH MAILER\u003C\u002Fstrong> provides you with a modern, reliable and efficient way to send WordPress transactional emails from one of your Microsoft 365 \u002F Exchange Online \u002F Mail enabled accounts.\u003C\u002Fp>\n\u003Cp>The plugin re-configures your WordPress website to send emails using the \u003Cstrong>Microsoft Graph API\u003C\u002Fstrong> instead of – for example – SMTP. Sending WordPress emails using the \u003Cstrong>Microsoft Graph API\u003C\u002Fstrong> has become the only available alternative after Microsoft has disabled basic authentication (username and password) over the SMTP protocol.\u003C\u002Fp>\n\u003Ch4>DELIVERY\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send WordPress transactional emails from one of your \u003Cstrong>Microsoft 365 Exchange Online \u002F Mail enabled accounts\u003C\u002Fstrong> using Microsoft Graph instead of – for example – SMTP.\u003C\u002Fli>\n\u003Cli>Choose between delegated (send mail as a user) and application-level (send mail as any user) type permissions.\u003C\u002Fli>\n\u003Cli>Or: Select either a Microsoft 365 account or a personal Microsoft account, like Hotmail.com or Outlook.com, to send WordPress emails.\u003C\u002Fli>\n\u003Cli>Or: Configure \u003Ca href=\"https:\u002F\u002Flearn.microsoft.com\u002Fen-us\u002FExchange\u002Fpermissions-exo\u002Fapplication-rbac\" rel=\"nofollow ugc\">RBAC for Exchange Online\u003C\u002Fa> and authorize as an application but with a limited scope e.g. one specific mailbox.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SEND AS HTML\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send emails formatted as \u003Cstrong>HTML\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SAVE TO SENT ITEMS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Emails sent will be saved in the account’s mailbox in the \u003Cstrong>Sent Items\u003C\u002Fstrong> folder, further helping to track (successful) mail delivery.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>ATTACHMENTS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send files from your WordPress website as \u003Cem>attachments\u003C\u002Fem>. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WPO365 INSIGHTS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>See what matters, when it happens\u003C\u002Fstrong> Track key WPO365 events like sent emails with WPO365 Insights \u003Ca href=\"https:\u002F\u002Fdocs.wpo365.com\u002Farticle\u002F210-wpo365-insights\" rel=\"nofollow ugc\">more\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CONFIGURATION \u002F TEST EMAIL DELIVERY\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy configuration with detailed step-by-step \u003Ca href=\"https:\u002F\u002Fdocs.wpo365.com\u002Farticle\u002F141-send-email-using-microsoft-graph-mailer\" rel=\"nofollow ugc\">Getting started\u003C\u002Fa> guide and video.\u003C\u002Fli>\n\u003Cli>Send \u003Cem>test email\u003C\u002Fem> to recipients incl. CC, BCC and attachment.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F1CK7Fl8f8iA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>ADD FUNCTIONALITY WITH PREMIUM EXTENSIONS\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The following features can be unlocked with the \u003Ca href=\"https:\u002F\u002Fwww.wpo365.com\u002Fdownloads\u002Fwpo365-mail\u002F\" rel=\"nofollow ugc\">WPO365 | MAIL\u003C\u002Fa> extension.\u003C\u002Fp>\n\u003Ch4>WPO365 INSIGHTS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Get \u003Cstrong>WPO35 Alerts\u003C\u002Fstrong> in your inbox when email delivery is failing \u003Ca href=\"https:\u002F\u002Fdocs.wpo365.com\u002Farticle\u002F210-wpo365-insights\" rel=\"nofollow ugc\">more\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Auto-Retry\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Log every email\u003C\u002Fstrong> sent from your WordPress website, review errors and (automatically) try to send unsuccessfully \u003Cstrong>sent mails again\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LARGE ATTACHMENTS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add support to send WordPress emails with \u003Cstrong>attachments larger than 3 MB\u003C\u002Fstrong> using Microsoft Graph.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SEND AS \u002F SEND ON BEHALF OF\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send email \u003Cstrong>as \u002F on behalf of\u003C\u002Fstrong> another user or distribution list.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SHARED MAILBOX\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send email from \u003Cstrong>Microsoft 365 Shared Mailbox\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>STAGING MODE\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mail Staging Mode\u003C\u002Fstrong> is useful for debugging and staging environments. WordPress emails will be logged and saved in the database instead of being sent.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>DYNAMIC SEND-FROM\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Allow forms to \u003Cstrong>override “From”\u003C\u002Fstrong> address e.g allow Contact Form 7 to dynamically configure the account used to send the email from (requires application-level Mail.Send permissions).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>MAIL THROTTLE\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Throttle\u003C\u002Fstrong> the number of emails sent from your website per minute.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WP-CONFIG FOR AAD SECRETS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Further improve overall security by choosing to store Azure Active Directory secrets in your WordPress WP-Config.php (on disk) and have those secrets removed from the database.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SEND AS BCC\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send emails \u003Cstrong>as BCC\u003C\u002Fstrong> instead and prevent reply-to-all mail pollution.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>REPLY-TO\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Configure a \u003Cstrong>default reply-to\u003C\u002Fstrong> mail address if this should differ from the account’s mail address that is used to send WordPress transactional emails from.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Prerequisites\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>We have tested our plugin with WordPress >= 5.0 and PHP >= 5.6.40.\u003C\u002Fli>\n\u003Cli>You need to be an Entra ID Tenant Administrator to configure both Azure Active Directory and the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>We will go to great length trying to support you if the plugin doesn’t work as expected. Go to our \u003Ca href=\"https:\u002F\u002Fwww.wpo365.com\u002Fhow-to-get-support\u002F\" rel=\"nofollow ugc\">Support Page\u003C\u002Fa> to get in touch with us. We haven’t been able to test our plugin in all endless possible WordPress configurations and versions so we are keen to hear from you and happy to learn!\u003C\u002Fp>\n\u003Ch3>Feedback\u003C\u002Fh3>\n\u003Cp>We are keen to hear from you so share your feedback with us on \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fdownloads-by-van-wieren\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa> and help us get better!\u003C\u002Fp>\n\u003Ch3>Open Source\u003C\u002Fh3>\n\u003Cp>When you’re a developer and interested in the code you should have a look at our repo over at \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpo365-msgraphmailer\u002F\" rel=\"nofollow ugc\">WordPress\u003C\u002Fa>.\u003C\u002Fp>\n","Send WordPress emails from a M365 \u002F Exchange Online Mailbox using Microsoft Graph, leveraging OAuth for authentication which is more secure than SMTP",10000,180605,98,37,"2025-12-07T21:56:00.000Z","5.0","7.4",[19,119,79,21,120],"microsoft","wp_mail","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpo365-msgraphmailer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpo365-msgraphmailer.4.2.zip","2025-02-23 22:53:02",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":113,"num_ratings":134,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":17,"tags":138,"homepage":141,"download_link":142,"security_score":143,"vuln_count":101,"unpatched_count":27,"last_vuln_date":144,"fetched_at":29},"configure-smtp","Configure SMTP","3.5","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>Configure SMTP mailing in WordPress, including support for sending email via SSL\u002FTLS (such as Gmail).\u003C\u002Fp>\n\u003Cp>This plugin is the official successor to the original SMTP plugin for WordPress (wpPHPMailer).\u003C\u002Fp>\n\u003Cp>Use this plugin to customize the SMTP mailing system used by default by WordPress to handle \u003Cem>outgoing\u003C\u002Fem> emails. It offers you the ability to specify:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SMTP host name\u003C\u002Fli>\n\u003Cli>SMTP port number\u003C\u002Fli>\n\u003Cli>If SMTPAuth (authentication) should be used\u003C\u002Fli>\n\u003Cli>SMTP username\u003C\u002Fli>\n\u003Cli>SMTP password\u003C\u002Fli>\n\u003Cli>If the SMTP connection needs to occur over ssl or tls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In addition, you can instead indicate that you wish to use Gmail to handle outgoing email, in which case the above settings are automatically configured to values appropriate for Gmail, though you’ll need to specify your Gmail email address (including the “@gmail.com”) and password.\u003C\u002Fp>\n\u003Cp>Regardless of whether SMTP is enabled, the plugin provides you the ability to define the name and email of the ‘From:’ field for all outgoing emails.\u003C\u002Fp>\n\u003Cp>A simple test button is also available that allows you to send a test email to yourself to check if sending email has been properly configured for your site.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fconfigure-smtp\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fconfigure-smtp\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Fconfigure-smtp\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n","Configure SMTP mailing in WordPress, including support for sending email via SSL\u002FTLS (such as Gmail).",7000,369145,45,"2024-07-22T22:30:00.000Z","6.5.8","5.5",[139,19,140,79,21],"coffee2code","gmail","https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fconfigure-smtp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconfigure-smtp.3.5.zip",92,"2024-02-26 00:00:00",{"slug":146,"name":147,"version":148,"author":149,"author_profile":150,"description":151,"short_description":152,"active_installs":153,"downloaded":154,"rating":155,"num_ratings":156,"last_updated":157,"tested_up_to":158,"requires_at_least":159,"requires_php":160,"tags":161,"homepage":17,"download_link":163,"security_score":59,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"mailersend-official-smtp-integration","MailerSend – Official SMTP Integration","1.0.5","MailerSend","https:\u002F\u002Fprofiles.wordpress.org\u002Fmailersend\u002F","\u003Cp>WordPress hosting companies are not optimized for high-volume email sending, which may result in some of your emails not getting delivered. MailerSend’s \u003Ca href=\"https:\u002F\u002Fwww.mailersend.com\u002Ffeatures\u002Fsmtp-relay\" rel=\"nofollow ugc\">dedicated SMTP server\u003C\u002Fa> will ensure that your forms, account notifications, e-commerce orders, and other transactional emails get delivered. By using this official SMTP plugin, you will:\u003Cbr \u002F>\n* Improve your email deliverability\u003Cbr \u002F>\n* Protect your domain reputation\u003Cbr \u002F>\n* Learn more about your recipients\u003C\u002Fp>\n\u003Ch4>Deliverability\u003C\u002Fh4>\n\u003Cp>Improve inbox performance and ensure a smooth customer experience by letting MailerSend take care of email sending. After a decade of email delivery experience, MailerSend’s deliverability experts understand what it takes to avoid spam filters, stay off blocklists and lower bounce rates.\u003C\u002Fp>\n\u003Ch4>Domain reputation\u003C\u002Fh4>\n\u003Cp>Keep your domain reputation safe with MailerSend’s email authentication practices. Give your customers the confidence that they’re interacting with an established brand, and let MailerSend manage the emails that could potentially damage your reputation.\u003C\u002Fp>\n\u003Ch4>Analytics\u003C\u002Fh4>\n\u003Cp>Understand what happens after an email gets sent. Access a wide range of key metrics—like open rates, bounce rates and click-through rates—to learn what works and what needs optimization so you can keep improving your email performance.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Avoid spam filters, prevent blocklisting, and lower hard bounce rates with powerful sending infrastructure\u003C\u002Fli>\n\u003Cli>Automate the customer experience by connecting to thousands of other apps with Zapier\u003C\u002Fli>\n\u003Cli>Get instant push updates with webhooks\u003C\u002Fli>\n\u003Cli>Receive customer replies sent to your domain with an inbound route feature\u003C\u002Fli>\n\u003Cli>Monitor all email interactions such as opens, clicks, open locations and devices. Plus, use your own subdomain and get a custom tracking link!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How it works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the MailerSend plugin.\u003C\u002Fli>\n\u003Cli>Add your \u003Ca href=\"https:\u002F\u002Fapp.mailersend.com\u002Fdomains\" rel=\"nofollow ugc\">SMTP credentials\u003C\u002Fa> from MailerSend to establish the connection.\u003C\u002Fli>\n\u003Cli>Test your connection to make sure it’s working.\u003C\u002Fli>\n\u003Cli>And get sending!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Get help whenever you need it. \u003Ca href=\"https:\u002F\u002Fwww.mailersend.com\u002Fcontact-us\" rel=\"nofollow ugc\">Contact us\u003C\u002Fa> or drop a message via live chat in the app. MailerSend’s dedicated support team works 24\u002F7 because transactional emails never stop.\u003C\u002Fp>\n","Improve your deliverability and avoid the spam box with MailerSend’s SMTP server. Check your analytics to improve your emails for better conversion!",2000,21446,56,12,"2026-01-22T09:28:00.000Z","6.6.5","5.7","7.2.5",[19,162,79,21,120],"mailersend","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmailersend-official-smtp-integration.1.0.5.zip",{"attackSurface":165,"codeSignals":233,"taintFlows":292,"riskAssessment":328,"analyzedAt":340},{"hooks":166,"ajaxHandlers":212,"restRoutes":229,"shortcodes":230,"cronEvents":231,"entryPointCount":232,"unprotectedCount":232},[167,173,178,180,185,187,190,193,196,199,201,203,206,209],{"type":168,"name":169,"callback":170,"file":171,"line":172},"action","wp_mail_failed","closure","admin\\class-turbosmtp-admin.php",141,{"type":174,"name":175,"callback":176,"file":171,"line":177},"filter","turbosmtp_disconnect_if_api_response_401","__return_false",250,{"type":174,"name":175,"callback":176,"file":171,"line":179},467,{"type":168,"name":181,"callback":182,"file":183,"line":184},"admin_enqueue_scripts","anonymous","includes\\class-turbosmtp.php",161,{"type":168,"name":181,"callback":182,"file":183,"line":186},162,{"type":168,"name":188,"callback":182,"file":183,"line":189},"admin_menu",164,{"type":168,"name":191,"callback":182,"file":183,"line":192},"admin_notices",167,{"type":168,"name":194,"callback":182,"file":183,"line":195},"admin_post_turbosmtp_save_send_options",173,{"type":168,"name":197,"callback":182,"file":183,"line":198},"admin_post_save_api_keys",179,{"type":168,"name":200,"callback":182,"file":183,"line":71},"wp_enqueue_scripts",{"type":168,"name":200,"callback":182,"file":183,"line":202},201,{"type":168,"name":204,"callback":182,"file":183,"line":205},"turbosmtp_api_response",202,{"type":168,"name":207,"callback":182,"file":183,"line":208},"pre_wp_mail",205,{"type":168,"name":210,"callback":182,"file":183,"line":211},"phpmailer_init",206,[213,217,220,223,226],{"action":214,"nopriv":215,"callback":182,"hasNonce":215,"hasCapCheck":215,"file":183,"line":216},"turbosmtp_generate_api_keys",false,168,{"action":218,"nopriv":215,"callback":182,"hasNonce":215,"hasCapCheck":215,"file":183,"line":219},"turbosmtp_get_stats_chart",171,{"action":221,"nopriv":215,"callback":182,"hasNonce":215,"hasCapCheck":215,"file":183,"line":222},"turbosmtp_get_stats_history",172,{"action":224,"nopriv":215,"callback":182,"hasNonce":215,"hasCapCheck":215,"file":183,"line":225},"turbosmtp_send_test_email",174,{"action":227,"nopriv":215,"callback":182,"hasNonce":215,"hasCapCheck":215,"file":183,"line":228},"turbosmtp_disconnect_account",175,[],[],[],5,{"dangerousFunctions":234,"sqlUsage":235,"outputEscaping":237,"fileOperations":101,"externalRequests":26,"nonceChecks":290,"capabilityChecks":27,"bundledLibraries":291},[],{"prepared":27,"raw":27,"locations":236},[],{"escaped":114,"rawEcho":238,"locations":239},25,[240,243,245,247,248,250,252,254,256,258,260,262,263,265,268,270,272,275,277,279,280,281,283,285,288],{"file":171,"line":241,"context":242},535,"raw output",{"file":244,"line":94,"context":242},"admin\\partials\\configuration.php",{"file":244,"line":246,"context":242},73,{"file":244,"line":246,"context":242},{"file":244,"line":249,"context":242},76,{"file":244,"line":251,"context":242},91,{"file":244,"line":253,"context":242},102,{"file":244,"line":255,"context":242},110,{"file":244,"line":257,"context":242},139,{"file":244,"line":259,"context":242},187,{"file":244,"line":261,"context":242},188,{"file":244,"line":261,"context":242},{"file":244,"line":264,"context":242},222,{"file":266,"line":267,"context":242},"admin\\partials\\credentials.php",21,{"file":266,"line":269,"context":242},32,{"file":266,"line":271,"context":242},68,{"file":273,"line":274,"context":242},"admin\\partials\\login.php",19,{"file":273,"line":276,"context":242},28,{"file":278,"line":274,"context":242},"admin\\partials\\migration.php",{"file":278,"line":276,"context":242},{"file":278,"line":269,"context":242},{"file":278,"line":282,"context":242},103,{"file":284,"line":238,"context":242},"admin\\partials\\stats-free.php",{"file":286,"line":287,"context":242},"admin\\partials\\stats.php",52,{"file":289,"line":287,"context":242},"includes\\class-turbosmtp-messages-list-table.php",7,[],[293,317],{"entryPoint":294,"graph":295,"unsanitizedCount":27,"severity":316},"\u003Ccredentials> (admin\\partials\\credentials.php:0)",{"nodes":296,"edges":312},[297,302,307,310],{"id":298,"type":299,"label":300,"file":266,"line":301},"n0","source","$_GET['consumer_key']",44,{"id":303,"type":304,"label":305,"file":266,"line":301,"wp_function":306},"n1","sink","echo() [XSS]","echo",{"id":308,"type":299,"label":309,"file":266,"line":73},"n2","$_GET['consumer_secret']",{"id":311,"type":304,"label":305,"file":266,"line":73,"wp_function":306},"n3",[313,315],{"from":298,"to":303,"sanitized":314},true,{"from":308,"to":311,"sanitized":314},"low",{"entryPoint":318,"graph":319,"unsanitizedCount":27,"severity":316},"\u003Cstats> (admin\\partials\\stats.php:0)",{"nodes":320,"edges":326},[321,324],{"id":298,"type":299,"label":322,"file":286,"line":323},"$_REQUEST",236,{"id":303,"type":304,"label":305,"file":286,"line":325,"wp_function":306},239,[327],{"from":298,"to":303,"sanitized":314},{"summary":329,"deductions":330},"The TurboSMTP plugin v4.9.7 presents a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and has no known unpatched vulnerabilities, significant concerns arise from its attack surface.  Specifically, all five identified AJAX handlers lack authentication checks, creating a direct pathway for unauthorized actions.  The limited taint analysis reveals no critical or high-severity issues, which is positive, but the static analysis indicates a moderate percentage of output is not properly escaped, hinting at potential cross-site scripting (XSS) risks if user input is directly reflected without sufficient sanitization.\n\nThe vulnerability history shows two past medium-severity CVEs, both related to Cross-Site Scripting. Although these are patched and the plugin currently has no unpatched issues, the recurring nature of XSS vulnerabilities warrants attention. This pattern suggests that while past vulnerabilities have been addressed, ongoing vigilance is required to prevent similar issues from re-emerging. The lack of capability checks on AJAX handlers is a substantial weakness, allowing any user to potentially interact with these points, exacerbating the risk posed by any undiscovered or future vulnerabilities.\n\nIn conclusion, TurboSMTP v4.9.7 has strengths in its SQL handling and prompt patching of past vulnerabilities. However, the unprotected AJAX handlers represent a critical security gap that needs immediate attention. The history of XSS vulnerabilities, coupled with a portion of unescaped output, suggests a need for more robust input validation and output encoding practices to ensure a secure user experience and prevent potential data breaches or defacement.",[331,334,336,338],{"reason":332,"points":333},"All AJAX handlers lack authentication checks",10,{"reason":335,"points":60},"Moderate percentage of output unescaped",{"reason":337,"points":13},"No capability checks on AJAX handlers",{"reason":339,"points":232},"History of medium severity XSS vulnerabilities","2026-03-16T19:46:28.057Z",{"wat":342,"direct":351},{"assetPaths":343,"generatorPatterns":346,"scriptPaths":347,"versionParams":348},[344,345],"\u002Fwp-content\u002Fplugins\u002Fturbosmtp\u002Fadmin\u002Fcss\u002Fturbosmtp-admin.css","\u002Fwp-content\u002Fplugins\u002Fturbosmtp\u002Fadmin\u002Fjs\u002Fturbosmtp-admin.js",[],[345],[349,350],"turbosmtp-admin-css?ver=","turbosmtp-admin-js?ver=",{"cssClasses":352,"htmlComments":357,"htmlAttributes":363,"restEndpoints":366,"jsGlobals":367,"shortcodeOutput":369},[353,354,355,356],"turbosmtp-config-wrapper","turbosmtp-field-wrapper","turbosmtp-btn-primary","turbosmtp-btn-secondary",[358,359,360,361,362],"\u003C!-- TurboSMTP Migration Form -->","\u003C!-- TurboSMTP Login Form -->","\u003C!-- TurboSMTP Configuration Form -->","\u003C!-- TurboSMTP Stats Free Template -->","\u003C!-- TurboSMTP Stats Paid Template -->",[364,365],"data-turbosmtp-nonce","data-turbosmtp-send-test-email-nonce",[],[368],"window.turbosmtp_ajax_object",[]]