CSRF Vulnerability in POST SMTP Mailer WordPress Plugin Allows Email Resending

CSRF Vulnerability in POST SMTP Mailer WordPress Plugin Allows Email Resending

CVE-2023-3179 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account).

Learn more about our Wordpress Pen Testing.