MEDIUM
smtp2go
CVE published 2026-05-28
CVE-2026-7621
The SMTP2GO for WordPress plugin is vulnerable to unauthorized access in versions up to and including 1.16.0. The plugin fails to properly verify user authorization for administrative actions, allowing authenticated attackers with subscriber-level access or higher to truncate all SMTP2GO log records from the database or download CSV exports containing sensitive email metadata including recipient addresses [truncated]