WordPress Free WP Mail SMTP plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
CVE-2025-28974
7.1HIGH
What is CVE-2025-28974?
Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP allows Stored XSS. This issue affects Free WP Mail SMTP: from n/a through 1.0.
Affected Version(s)
Free WP Mail SMTP <= 1.0