Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App < 3.6.2 – Missing Authorization to Authenticated (Subscriber+) OAuth Token Update | CVE 2025-12887 | Plugin Vulnerabilities

Description

The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handle_gmail_oauth_redirect' function. This makes it possible for authenticated attackers, with subscriber level access and above, to inject invalid or attacker-controlled OAuth credentials. CVE-2025-67563 appears to be a duplicate of this issue.

Affects Plugins

Fixed in 3.6.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/5bd9f312-99e1-4dc2-855d-90339c2e24da

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

type5afe

Verified

No

WPVDB ID

2969e3b5-a0ba-46ba-8c8d-55895c72f7ff

Timeline

Publicly Published

2025-12-03 (about 5 months ago)

Added

2025-12-03 (about 5 months ago)

Last Updated

2025-12-11 (about 5 months ago)

Other

Published

Title

Published

2024-10-30

Title

Get Quote For Woocommerce <= 1.0.0 - Unauthenticated Quote PDF and CSV Download

Published

2025-01-16

Title

Cache Sniper for Nginx <= 1.0.4.2 - Missing Authorization

Published

2025-12-15

Title

Photo Block < 1.6.0 - Missing Authorization

Published

2024-09-24

Title

Easy Mega Menu Plugin for WordPress – ThemeHunk < 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Settings Updates

Published

2024-08-09

Title

Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure