WordPress Plugin Vulnerabilities

POST SMTP Mailer < 2.8.8 - Authorization Bypass via type connect-app API

Description

The plugin is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.

Proof of Concept

Affects Plugins

Plugin icon
post-smtp
Fixed in 2.8.8

References

CVE
CVE-2023-6875
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/e675d64c-cbb8-4f24-9b6f-2597a97b49af

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Ulyses Saicha
Verified
Yes
WPVDB ID
b66c4057-e3d5-4a92-a319-f3e36441270f

Timeline

Publicly Published
2024-01-10 (about 2 years ago)
Added
2024-01-11 (about 2 years ago)
Last Updated
2024-01-12 (about 2 years ago)

Other

Published
Title
Published
2025-03-13
Title
ShareThis Dashboard for Google Analytics < 3.2.2 - Missing Authorization to Unauthenticated Feature Deactivation
Published
2025-10-03
Title
GiveWP – Donation Plugin and Fundraising Platform < 4.10.1 - Missing Authorization to Unauthenticated Forms-Campaign Association
Published
2025-11-17
Title
WP Duplicate Page < 1.8 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure
Published
2024-10-24
Title
UPS Live Rates and Access Points < 3.0.0 - Missing Authorization to Plugin API key reset
Published
2026-01-05
Title
TaxoPress < 3.42.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Tag Modification