Title: plugin vulnerability Last modified: August 2, 2023 --- # plugin vulnerability * Resolved [sara.mansouri](https://wordpress.org/support/users/saramansouri/) * (@saramansouri) * [2 years, 10 months ago](https://wordpress.org/support/topic/plugin-vulnerability-17/) * Hello, * We are using this plugin on a couple of our websites and hosting the website on WpEngine. We have received this email from WpEngine about this plugin vulnerability.: * You are utilizing a vulnerable version of the POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin. * At this time, we are not seeing that the plugin author has released an update or patch for this vulnerability. * WP Engine summary of the vulnerability: Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration. * Original 3rd-party’s report on the vulnerability: Please note that questions related to this article should be directed to the 3rd-party researcher and not WP Engine: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33999](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33999) [https://wpscan.com/vulnerability/58ab5352-d783-431a-b0a5-382381cc13fd](https://wpscan.com/vulnerability/58ab5352-d783-431a-b0a5-382381cc13fd) * We encourage you to assess the risk of continuing to use this plugin until a patch is released. * Please make sure to run a backup of your database before making any changes. You can learn how to do this in this article: [http://wpengine.com/support/restore/](http://wpengine.com/support/restore/). * Would you like to avoid doing these updates manually in the future? Add the Smart Plugin Manager to your plan today! * Finally, feel free to reach out to our Support team at any time if you have any questions! * Thanks -WP Engine Security Team Viewing 1 replies (of 1 total) * Plugin Author [Saad Iqbal](https://wordpress.org/support/users/saadiqbal/) * (@saadiqbal) * [2 years, 10 months ago](https://wordpress.org/support/topic/plugin-vulnerability-17/#post-16943500) * Hi [@saramansouri](https://wordpress.org/support/users/saramansouri/) , Hope you are doing good. The mentioned vulnerability has been fixed and updated in latest version. Please update to the latest version.**REF**: [https://wpscan.com/plugin/post-smtp](https://wpscan.com/plugin/post-smtp) [https://patchstack.com/database/vulnerability/post-smtp](https://patchstack.com/database/vulnerability/post-smtp) Do let us know if still there is any thing we can help you with. Thanks! Viewing 1 replies (of 1 total) The topic ‘plugin vulnerability’ is closed to new replies. * ![](https://ps.w.org/post-smtp/assets/icon-128x128.gif?rev=3209655) * [Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App](https://wordpress.org/plugins/post-smtp/) * [Frequently Asked Questions](https://wordpress.org/plugins/post-smtp/#faq) * [Support Threads](https://wordpress.org/support/plugin/post-smtp/) * [Active Topics](https://wordpress.org/support/plugin/post-smtp/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/post-smtp/unresolved/) * [Reviews](https://wordpress.org/support/plugin/post-smtp/reviews/) * 2 replies * 2 participants * Last reply from: [Saad Iqbal](https://wordpress.org/support/users/saadiqbal/) * Last activity: [2 years, 10 months ago](https://wordpress.org/support/topic/plugin-vulnerability-17/#post-16943500) * Status: resolved