YaySMTP – WP Mail SMTP with Email Logs, Tracking & Reports WordPress Plugin Security Vulnerabilities | WPScan

8

June 16, 2026

10000

Published

2025-06-27

Title

YaySMTP < 2.6.7 - Admin+ SQL Injection

Fixed in

Fixed in 2.6.7

CVSS

4.9 (medium)

Published

2025-05-07

Title

YaySMTP < 2.6.5 - Authenticated (Administrator+) SQL Injection

Fixed in

Fixed in 2.6.5

CVSS

4.9 (medium)

Published

2025-02-18

Title

YaySMTP 2.4.9 - 2.6.3 - Unauthenticated Stored Cross-Site Scripting

Fixed in

Fixed in 2.6.4

CVSS

7.2 (high)

Published

2023-06-12

Title

YaySMTP < 2.4.6 - Unauthenticated Stored Cross-Site Scripting

Fixed in

Fixed in 2.4.6

CVSS

7.2 (high)

Published

2022-07-18

Title

YaySMTP < 2.2.1 - Subscriber+ Stored Cross-Site Scripting

Fixed in

Fixed in 2.2.1

CVSS

8.0 (high)

Published

2022-07-18

Title

YaySMTP < 2.2.2 - Admin+ Stored Cross-Site Scripting

Fixed in

Fixed in 2.2.2

CVSS

3.4 (low)

Published

2022-07-11

Title

YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak

Fixed in

Fixed in 2.2.1

CVSS

5.4 (medium)

Published

2022-07-11

Title

YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure

Fixed in

Fixed in 2.2.1

CVSS

4.3 (medium)