CVE-2025-6993
BaseFortify
Publication date: 2025-07-16
Last updated on: 2025-08-02
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rustaurius | ultimate_wp_mail | From 1.0.17 (inc) to 1.3.7 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Ultimate WP Mail plugin for WordPress, specifically in versions 1.0.17 to 1.3.6. It is a privilege escalation issue caused by missing authorization in the get_email_log_details() AJAX handler. The handler accepts a client-supplied post_id and retrieves the corresponding email log content, including sensitive information such as a password-reset link. It only checks whether the user has the 'edit_posts' capability; it neither restricts access to administrators nor verifies ownership of the post. As a result, authenticated users with Contributor-level access or higher can use this to obtain an administrator's password-reset link and escalate their privileges to administrator.
How can this vulnerability impact me?
An attacker with Contributor-level access or higher can exploit this vulnerability to obtain an administrator's password-reset link, allowing them to reset the administrator's password and gain full administrative control over the WordPress site. This can lead to complete compromise of the site, including unauthorized content changes, data theft, or further attacks.
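The authorization gap described above, shown as an added illustration in PHP (this is not the plugin's own code): the first handler reproduces the pattern the advisory describes, a capability check on 'edit_posts' only; the second adds the checks that close the hole. Function names, the nonce action 'uwm_log_details' and the post type 'uwm_email_log' are assumptions.

```php
<?php
// Added illustration, not the Ultimate WP Mail plugin's code. Names other than
// get_email_log_details(), 'edit_posts' and the post_id parameter are assumed.

// Pattern the advisory describes (CWE-862): any user holding 'edit_posts',
// which Contributors have, can fetch any email log by supplying its post_id.
function uwm_demo_vulnerable_log_details() {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    // Returns the stored message body, which may contain a password-reset link.
    wp_send_json_success( get_post_field( 'post_content', $post_id ) );
}

// Hardened form: CSRF nonce, administrator-only capability, and a check that
// the requested post really is an email log entry before returning content.
function uwm_demo_hardened_log_details() {
    // Rejects requests that lack a valid nonce for this action (assumed name).
    check_ajax_referer( 'uwm_log_details', 'nonce' );

    // Restrict to administrators instead of every user who can edit posts.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $post    = get_post( $post_id );
    // 'uwm_email_log' is an assumed post type; reject anything else so the
    // handler cannot be pointed at arbitrary posts.
    if ( ! $post || 'uwm_email_log' !== $post->post_type ) {
        wp_send_json_error( 'not found', 404 );
    }

    wp_send_json_success( array(
        'subject' => get_the_title( $post ),
        'body'    => wp_kses_post( $post->post_content ),
    ) );
}

// Register only the hardened handler for logged-in users. No wp_ajax_nopriv_
// hook is added, so anonymous requests never reach it.
add_action( 'wp_ajax_uwm_demo_log_details', 'uwm_demo_hardened_log_details' );
```

The key defensive difference is the capability name: 'edit_posts' is granted to Contributors, while 'manage_options' is an administrator capability.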