CVE-2023-3179: POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF
First published: Mon Jul 17 2023(Updated: )
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account).
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Post SMTP | <2.5.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the POST SMTP Mailer WordPress plugin?
The vulnerability ID for the POST SMTP Mailer WordPress plugin is CVE-2023-3179.
What is the severity of CVE-2023-3179?
The severity of CVE-2023-3179 is high with a severity value of 8.8.
What software is affected by CVE-2023-3179?
The POST SMTP Mailer WordPress plugin versions up to and exclusive of 2.5.7 are affected by CVE-2023-3179.
What is the CWE ID for CVE-2023-3179?
The CWE ID for CVE-2023-3179 is 352.
Is there a fix available for CVE-2023-3179?
Yes, upgrading to version 2.5.7 of the POST SMTP Mailer WordPress plugin will fix the vulnerability.
- collector/nvd-latest
- agent/type
- agent/author
- agent/weakness
- agent/title
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/wpexperts
- canonical/post smtp