• Resolved frzsombor

    (@frzsombor)


    Hi!

    I just realized that the Post SMTP plugin has had another critical vulnerability (9.8/10), only about a year and a half after a similar issue.

    I wanted to ask if the team is considering using the revenue from the Pro version to fund a proper, professional, enterprise-level security audit for the plugin and perhaps schedule periodic audits after major releases.

    I’m honestly asking, because if not, after this recent vulnerability, I’d rather pay your biggest competitor for email logging on all our sites than keep using Post SMTP for free email logging, but risk getting hacked from time to time.

Viewing 1 replies (of 1 total)
  • Plugin Support M Aqib Khan

    (@aqibkhan9)

    Hello @frzsombor,

    Thank you so much for taking the time to reach out and share your concern. We completely understand how you feel, and your feedback truly matters to us.


    Security remains an absolute top priority for our team. The recent vulnerability was identified and patched immediately upon discovery, and a detailed review of the root cause was carried out to ensure that similar issues are prevented moving forward. Our development and QA teams have already implemented additional layers of internal review and automated security scanning for all future releases.

    That said, we genuinely appreciate your point regarding an enterprise-level audit. In fact, we are actively in partnerships with reputable third-party security firms like Wordfence & Patchstack to perform periodic audits, not just as a one-time measure, but as part of an ongoing process aligned with our roadmap.


    We deeply value your trust in Post SMTP and the open-source community around it. Our long-term goal is to make it one of the most secure and dependable email solutions in the WordPress ecosystem. Your feedback helps guide us toward that mission, and we hope you’ll continue to stay with us as we keep strengthening the plugin.


    Warm regards,
    Support Team – WPExperts


The topic ‘Critical plugin vulnerabilities’ is closed to new replies.