Umcms

**Name of the Vulnerable Software and Affected Versions** postman-smtp plugin through 2017-10-04 for WordPress **Description** The issue concerns a cross-site scripting (XSS) problem. It is exploited via the `page` parameter in the "wp-admin/tools.php" page, specifically when accessing the postman email log. **Recommendations** For the postman-smtp plugin through 2017-10-04, consider disabling access to the wp-admin/tools.php?page=postman email log page until a fix is available. Restrict the use of the `page` parameter in this context to minimize the risk of exploitation.