Authorization Flaw in Rustaurius Ultimate WP Mail Affects WordPress Security
CVE-2025-49288
4.3MEDIUM
What is CVE-2025-49288?
The Rustaurius Ultimate WP Mail plugin for WordPress has a significant flaw that allows unauthorized users to exploit incorrectly configured access control settings. This vulnerability can lead to unauthorized actions being performed by attackers, compromising user data and system integrity. Users of Ultimate WP Mail, particularly those running versions from n/a to 1.3.5, should take immediate steps to assess and mitigate this risk to ensure the security of their WordPress sites.
Affected Version(s)
Ultimate WP Mail <= 1.3.5
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nguyen Tran Tuan Dung (domiee13) (Patchstack Alliance)