WordPress Plugin Vulnerabilities

WP Mail SMTP Pro < 3.8.1 - Unauthenticated Email Address Disclosure

Description

The plugin does not have authorisation in the is_print_page() function, allowing unauthenticated users to retrieve sensitive information such as email address

Affects Plugins

Plugin icon
wp-mail-smtp-pro
Fixed in 3.8.1

References

CVE
CVE-2023-3213
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/a813251b-a4c1-4b23-ad03-dcc1f4f19eb9

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Alex Thomas
Verified
No
WPVDB ID
e8053b1d-79ae-4567-8896-e347225a8dc4

Timeline

Publicly Published
2023-10-03 (about 2 years ago)
Added
2023-10-12 (about 2 years ago)
Last Updated
2023-10-12 (about 2 years ago)

Other

Published
Title
Published
2024-04-22
Title
ARForms < 6.4.1 - Missing Authorization to Arbitrary Plugin Activation/Deactivation
Published
2026-05-01
Title
FundPress < 2.0.9 - Missing Authorization to Unauthenticated Arbitrary Donation Status Modification via donate_action_status AJAX Handler
Published
2025-06-05
Title
Raychat < 2.2.0 - Missing Authorization
Published
2025-08-22
Title
WPPizza < 3.19.8.1 - Missing Authorization
Published
2026-04-13
Title
Easy Appointments < 3.12.22 - Missing Authorization