Documentation: Home / Vulnerabilities / Access violation vulnerability in Post SMTP – WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more 2.9.11

Latest

Access violation vulnerability in Post SMTP – WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more 2.9.11

CVE-2025-22800

Severity: medium-risk
Status: Fixed
Publication: January 7, 2025

The Post SMTP plugin for WordPress has a security flaw that allows unauthorized users to access a function called “regenerate_qrcode()” in versions 2.9.11 and below. This means that anyone who is logged in and has at least subscriber-level access can generate QR codes without proper authorization.

Detected in:

Post SMTP – WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more fixed vulnerable versions:

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Latest

404 not found errors

Protecting site visitors with Security Headers

Hardening your website’s security

Login protection as essential security

Why WordPress is (in)secure

Staying ahead of vulnerabilities

Access violation vulnerability in Post SMTP – WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more 2.9.11

Detected in:

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles