CVE-2025-28974

UNKNOWN 0.0

WordPress Free WP Mail SMTP plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through <= 1.0.

CWE	CWE-352
Vendor	mail250
Product	free wp mail smtp
Published	Jun 6, 2025
Last Updated	Apr 1, 2026

Stay Ahead of the Next One

Get instant alerts for mail250 free wp mail smtp

Be the first to know when new unknown vulnerabilities affecting mail250 free wp mail smtp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

mail250 / Free WP Mail SMTP

0 ≤ 1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

patchstack.com: https://patchstack.com/database/Wordpress/Plugin/free-wp-mail-smtp/vulnerability/wordpress-free-wp-mail-smtp-plugin-1-0-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve

Credits

Nguyen Xuan Chien | Patchstack Bug Bounty Program