Cross-Site Request Forgery in Mail250 Free WP Mail SMTP Plugin by WordPress
CVE-2025-28974
7.1HIGH
What is CVE-2025-28974?
A Cross-Site Request Forgery (CSRF) vulnerability in the Mail250 Free WP Mail SMTP plugin could allow attackers to execute unauthorized actions on behalf of users, potentially leading to Stored Cross-Site Scripting (XSS). This vulnerability impacts versions prior to 1.0, enabling exploitation that could compromise user security and data integrity in WordPress installations.
Affected Version(s)
Free WP Mail SMTP <= 1.0