A serious Cross-Site Scripting (XSS) vulnerability has been uncovered in version 7.1 of the WordPress Post SMTP Mailer/Email Log plugin, demanding immediate attention to ensure WordPress security and thwart potential malware threats. The discovery of this vulnerability is credited to Alex Thomas, who responsibly reported it for prompt action.

The vulnerability lies in the plugin’s handling of user input, providing a gateway for attackers to inject malicious JavaScript code into the plugin’s settings page. When a user accesses the settings page, this injected code executes, granting attackers unauthorized access to exploit your website’s vulnerabilities.


The severity of this vulnerability is classified as high, signifying the considerable risks it poses to WordPress security. In the hands of an attacker, the vulnerability enables the injection of harmful scripts into your website, potentially leading to dire consequences such as stealing user credentials, redirecting users to malicious websites, or displaying unwanted advertisements.

Affected Versions:

The vulnerability affects version 7.1 and all earlier versions of the WordPress Post SMTP Mailer/Email Log plugin. Websites running these versions are vulnerable and must take immediate action to address the security flaw.


Exploiting this XSS vulnerability provides attackers with unauthorized access to your website and its users. Armed with this access, attackers can inflict various harmful actions, including damaging your website’s content, compromising user credentials, and tarnishing your website’s reputation.


To protect your website from potential harm and bolster WordPress security, it is imperative to update the WordPress Post SMTP Mailer/Email Log plugin immediately. Ensure your website is running the latest available version, which is at least 2.5.8. This critical update contains the necessary fixes to mitigate the XSS vulnerability and enhance overall plugin security.

In the realm of WordPress security, vigilance and proactive measures are key to safeguarding your website and user data. By promptly addressing vulnerabilities like this XSS flaw, you not only fortify your website’s defenses but also reinforce trust with your users.

Remember, WordPress security is a shared responsibility, and taking immediate action to update vulnerable plugins is crucial in preserving website integrity and protecting user information. Act swiftly to secure your WordPress site and maintain a resilient online presence in the face of emerging threats.