Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
WordPress Plugin Post SMTP-WP SMTP with Email Logs Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP Office 365 Brevo Mailgun Amazon SES Postmark Security Bypass - CVE-2023-6875 - Vulnerability Database
WP Plugin Post Smtp

WordPress Plugin Post SMTP-WP SMTP with Email Logs Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP Office 365 Brevo Mailgun Amazon SES Postmark Security Bypass - CVE-2023-6875

Critical
Reference: CVE-2023-6875
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-6875
Title: WordPress Plugin Post SMTP-WP SMTP with Email Logs Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP Office 365 Brevo Mailgun Amazon SES Postmark Security Bypass
Overview:

WordPress Plugin Post SMTP-WP SMTP with Email Logs Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP Office 365 Brevo Mailgun Amazon SES Postmark is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset the API key used to authenticate to the mailer and view logs including password reset emails allowing site takeover. WordPress Plugin Post SMTP-WP SMTP with Email Logs Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP Office 365 Brevo Mailgun Amazon SES Postmark version 2.8.7 is vulnerable prior versions may also be affected.