SolidWP recently discovered and resolved multiple security vulnerabilities in key plugins. We are sharing full details to ensure transparency and help you take appropriate action.
Solid Mail: Vulnerability Disclosure
On September 17, 2024, we launched a major update to WP SMTP, reintroducing the plugin under the SolidWP brand as Solid Mail. This update included a comprehensive design refactor and a complete rebuild of the Mail Logs screen.
We were notified on April 24, 2025, of an unauthenticated stored XSS vulnerability, assigned CVE-2025-1123, by a researcher in the WordPress security community, zer0gh0st. The vulnerability was specifically found in the Mail Logs
