06 Oct

Wordfence Doesn’t Want You to Know We Discovered the Vulnerability in Postman SMTP

We have seen a lot of sleazy stuff out of the WordPress focused security company Wordfence, including claiming that they care more about security than the WordPress team as justification for creating a fake threat, so it shouldn’t be surprising to find their post about the removal of the plugin Postman SMTP from the Plugin Directory, which [Read more]

04 Oct

Ninja Forms Could Have Avoided Recommending and Using a Vulnerable Plugin If They Used Our Service

Back in June we disclosed a minor vulnerability in the plugin Postman SMTP that we had discovered. We were not able to contact the developer of the plugin and it hasn’t gotten fixed since we disclosed it. In the past we would have notified the Plugin Directory of the issue and the plugin would have been [Read more]

29 Jun

Reflected Cross-Site Scripting (XSS) Vulnerability in Postman SMTP

We recently found that the plugin Postman SMTP contains a reflected cross-site scripting (XSS) vulnerability. On line 346 of the file /Postman/Postman-Email-Log/PostmanEmailLogController.php the value of the GET or POST input "page" is output without being escaped: `value="<?php echo $_REQUEST['page'] ?>" />` While the GET input "page" needs to be set to "postman_email_log" for that code to run, [Read more]