
The foundation of Post SMTP is built on trust, transparency, and plugin-level security. Every aspect—from how authentication is handled to how logs and failure alerts are managed—is designed to protect your configuration and maintain reliable performance. With OAuth 2.0 and other robust mechanisms in place, the plugin takes a proactive stance on securing your email-sending process. We remain dedicated to preserving that security standard and reinforcing the confidence our users have placed in Post SMTP.
The Post SMTP plugin has a minor security concern related to how it displays information from sent emails in its logs. In certain situations, if someone sends a message containing unusual or unexpected code, that code might be stored in the logs and then shown in the Post SMTP mobile app without being fully sanitized first.
In practical terms, this means there’s a small chance that someone who can send messages through the plugin could include something in the email that behaves unexpectedly when viewed by an administrator in the app.
It’s important to note that this doesn’t directly give anyone access to your site or data, and it only affects how messages are displayed. Still, it’s something worth addressing through a safety fix to make sure all information shown in the app is properly filtered and safe.
We are grateful to Patchstack, who informed us about this shortfall.
We recommend updating the core Post SMTP plugin to version 3.6.3 to address this security concern. We appreciate your continued support and apologize for any inconvenience caused.

