The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter.Referenceshttps://wordpress.org/plugins/postman-smtp/#developershttps://www.pluginvulnerabilities.com/2017/06/29/reflected-cross-site-scripting-xss-vulnerability-in-postman-smtp/
