Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total3
Critical1
High1
Medium1
Reset
Showing 1-3 of 3 records
Threat Entry Updated 2026-03-19

CVE-2026-3090 - Mobile App Plugin

The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘event_type’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability is only exploitable when the Post SMTP Pro plugin is also installed and its Reporting and…

PLUGIN Mobile App

CVE-2026-3090

HIGH CVSS 7.2 2026-03-18
Open Full Technical Breakdown
Threat Entry Updated 2025-11-04

CVE-2025-11833 - Mobile App Plugin

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the __construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated attackers to read arbitrary logged emails sent through the Post SMTP plugin, including password reset emails containing password reset links, which can lead to account takeover.

PLUGIN Mobile App

CVE-2025-11833

CRITICAL CVSS 9.8 2025-11-01
Open Full Technical Breakdown
Threat Entry Updated 2024-10-16

CVE-2024-9873 - Mobile App Plugin

The Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, and profiles when Markdown support is enabled in all versions up to, and including, 6.4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Mobile App

CVE-2024-9873

MEDIUM CVSS 5.4 2024-10-16
Open Full Technical Breakdown
Scroll to top