WordPress Plugin Vulnerabilities

Post SMTP < 3.3.0 - Subscriber+ Account Takeover via Email Log Exposure

Description

The plugin is vulnerable privilege escalation via account takeover due to a missing capability check on the get_details() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to access email logs which can contain password reset details and lead to an account takeover for any user, including administrators.

Affects Plugins

Plugin icon
post-smtp
Fixed in 3.3.0

References

CVE
CVE-2025-24000
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/e61396d0-9396-449c-b8c4-53fc4e2c57bb

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Denver Jackson
Verified
No
WPVDB ID
31effe45-fe29-4e71-bcd4-c65f22a0dc81

Timeline

Publicly Published
2025-07-21 (about 9 months ago)
Added
2025-07-24 (about 9 months ago)
Last Updated
2026-05-11 (about 1 day ago)

Other

Published
Title
Published
2023-09-05
Title
WP Directory Kit < 1.2.7 - Missing Authorization
Published
2026-01-05
Title
Traveler < 3.2.7 - Missing Authorization
Published
2024-08-16
Title
Presto Player < 3.0.3 - Missing Authorization
Published
2025-11-03
Title
Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass
Published
2024-03-29
Title
WP Express Checkout (Accept PayPal Payments) < 2.3.8 - Unauthenticated Price Manipulation