Vulnerability Description
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover. CVE-2023-52233 appears to be a duplicate of this issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpexperts | Post Smtp | <= 2.8.7 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/post-smtp/trunk/Postman/Mobile/includIssue Tracking
- https://plugins.trac.wordpress.org/changeset/3016051/post-smtp/trunk?contextall=Product
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e675d64c-cbb8-4f24-9b6Third Party Advisory
- http://packetstormsecurity.com/files/176525/WordPress-POST-SMTP-Mailer-2.8.7-AutThird Party AdvisoryVDB Entry
- https://plugins.trac.wordpress.org/browser/post-smtp/trunk/Postman/Mobile/includIssue Tracking
- https://plugins.trac.wordpress.org/changeset/3016051/post-smtp/trunk?contextall=Product
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e675d64c-cbb8-4f24-9b6Third Party Advisory
FAQ
What is CVE-2023-6875?
CVE-2023-6875 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a ty...
How severe is CVE-2023-6875?
CVE-2023-6875 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-6875?
Check the references section above for vendor advisories and patch information. Affected products include: Wpexperts Post Smtp.