POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF
CVE-2023-3179
8.8HIGH
Summary
The POST SMTP Mailer Plugin for WordPress, specifically versions before 2.5.7, is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw arises due to inadequate CSRF checks in certain AJAX actions. As a result, attackers can exploit logged-in users who possess the manage_postman_smtp capability to send emails to unauthorized addresses. For instance, this could facilitate the unsolicited retransmission of sensitive emails, including password reset links, to an attacker-controlled email account, potentially leading to unauthorized account access and control.
Affected Version(s)
POST SMTP Mailer 2.5.0 < 2.5.7
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Erwan LR (WPScan)
WPScan