Description
Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through <= 1.1.24.
Published: 2026-03-25
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Patch
AI Analysis

Impact

A WordPress plugin named SMTP Mailer from Noor Alam allows the insertion of sensitive information into outgoing email data. The vulnerability permits an attacker to retrieve embedded secrets, such as credentials or other confidential material, from the emails that the plugin sends. This leads to unauthorized disclosure of private data that the website owner or administrators intended to keep confidential.

Affected Systems

The affected product is the WordPress SMTP Mailer plugin by Noor Alam. Versions up to and including 1.1.24 are vulnerable. Any WordPress installation using a version in this range might expose sensitive data through outgoing emails.

Risk and Exploitability

The vulnerability has a CVSS score of 7.5, indicating high severity, and is not listed in the CISA KEV catalog. The EPSS score is unavailable, so the exact probability of exploitation is uncertain, but the potential impact is significant. Based on the description, the likely attack vector is remote via the WordPress web interface or API that triggers email sending. An attacker who can cause the plugin to send an email would gain access to embedded secret data, potentially compromising user accounts or system credentials.

Generated by OpenCVE AI on March 25, 2026 at 23:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SMTP Mailer plugin to a version newer than 1.1.24
  • If upgrade is not immediately possible, disable or remove the plugin to stop sensitive data exposure
  • Verify that the plugin’s email templates do not contain hard‑coded credentials or sensitive information before re‑enabling it

Generated by OpenCVE AI on March 25, 2026 at 23:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Noor Alam
Noor Alam smtp Mailer
Wordpress
Wordpress wordpress
Vendors & Products Noor Alam
Noor Alam smtp Mailer
Wordpress
Wordpress wordpress

Wed, 25 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through <= 1.1.24.
Title WordPress SMTP Mailer plugin <= 1.1.24 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References

Subscriptions

Noor Alam Smtp Mailer
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-25T20:31:34.926Z

Reserved: 2026-03-12T11:12:34.192Z

Link: CVE-2026-32538

cve-icon Vulnrichment

Updated: 2026-03-25T20:15:36.389Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T17:17:07.570

Modified: 2026-03-30T13:27:12.923

Link: CVE-2026-32538

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T12:12:15Z

Weaknesses