Privilege Escalation in Ultimate WP Mail Plugin for WordPress
CVE-2025-6993

8.8HIGH

Key Information:

Vendor: WordPress
Status: Ultimate WP Mail
Vendor: CVE Published:; 16 July 2025

What is CVE-2025-6993?

The Ultimate WP Mail plugin for WordPress is susceptible to a privilege escalation issue due to improper authorization in the get_email_log_details() AJAX handler. This vulnerability occurs in versions 1.0.17 to 1.3.6, allowing authenticated users with Contributor-level access and above to exploit the handler. By leveraging a client-supplied post_id, these users can access sensitive email log content, including password-reset links, as the authorization only checks for 'edit_posts' capability without validating user ownership or restricting access to administrators. This oversight enables potential attackers to retrieve an admin's reset link and gain elevated privileges.

Affected Version(s)

Ultimate WP Mail 1.0.17 <= 1.3.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/ultimate-wp-mail/#developers

https://plugins.trac.wordpress.org/browser/ultimate-wp-ma...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2025
Vulnerability Reserved
Jul 1, 2025

Credit

Kenneth Dunn