CVE-2025-11833
BaseFortify
Publication date: 2025-11-01
Last updated on: 2025-11-04
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | post_smtp | 3.6.0 |
| wordfence | post_smtp | 3.6.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Post SMTP WordPress plugin (up to version 3.6.0) is a missing capability check in the plugin's `__construct` function, which lets unauthenticated attackers reach the email log functionality without any authorization. As a result, an attacker can read arbitrary logged emails, including sensitive ones such as password reset emails that contain reset links, which can lead to account takeover.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive email content, such as password reset emails, which can be exploited by attackers to take over user accounts. It compromises the confidentiality and integrity of email communications logged by the plugin, potentially resulting in account compromise and unauthorized access to user data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can negatively impact compliance with standards like GDPR and HIPAA because it allows unauthorized access to sensitive personal data contained in email logs. Such unauthorized disclosure violates data protection principles, including confidentiality and access control, potentially leading to regulatory non-compliance and legal consequences.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the installed Post SMTP WordPress plugin version is 3.6.0 or earlier, since these versions lack the capability check that should prevent unauthorized access to email logs. Because the issue is unauthorized reading of logged emails, detection also means verifying whether the email logs can be reached by users who are not authorized to view them. The referenced resources provide no specific network commands, but inspecting whether the email log views or the plugin's log-related AJAX endpoints respond to requests that carry no valid authentication is an indicator of a vulnerable installation. Reviewing the installed plugin version through the WordPress plugin management commands or the dashboard will also identify vulnerable installations. [3, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation is to update the Post SMTP WordPress plugin to version 3.6.1 or later, which enforces strict permission checks on email log access and the related actions, so that unauthorized users can no longer reach them. Until the update can be applied, restrict access to the WordPress admin area and the plugin files to trusted users only. Also review and tighten the user capabilities related to managing Post SMTP logs so that only authorized users hold them. Monitoring access to the email logs and shutting down any suspicious access is recommended as well. [3]
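To make the CWE-862 pattern described in the explanation and mitigation answers above concrete, here is an added illustration (hypothetical code written for this page, not Post SMTP's own source; the class names, hook name, capability and post type are assumptions): a WordPress log viewer registered from a constructor, first without any authorization check and then hardened with the checks the fixed version is said to enforce.

```php
<?php
// Hypothetical illustration of CWE-862 in a WordPress plugin; not Post SMTP code.

// VULNERABLE pattern: the constructor registers an AJAX handler that returns a
// logged email, but neither the registration nor the handler checks who is asking.
class Hypothetical_Log_Viewer_Vulnerable {
    public function __construct() {
        // The 'nopriv' hook exposes the action to visitors who are not logged in at all.
        add_action( 'wp_ajax_nopriv_view_email_log', array( $this, 'view_log' ) );
        add_action( 'wp_ajax_view_email_log', array( $this, 'view_log' ) );
    }

    public function view_log() {
        $log_id = isset( $_GET['log_id'] ) ? absint( $_GET['log_id'] ) : 0;
        wp_send_json_success( get_post( $log_id ) ); // any caller can read any log
    }
}

// HARDENED pattern: only logged-in users reach the hook, the handler verifies a
// capability and a nonce, and only records of the log post type are returned.
class Hypothetical_Log_Viewer_Hardened {
    const CAP = 'manage_options'; // assumed capability required to read mail logs

    public function __construct() {
        // No 'nopriv' registration: unauthenticated requests never reach view_log().
        add_action( 'wp_ajax_view_email_log', array( $this, 'view_log' ) );
    }

    public function view_log() {
        // Authorization check: the piece that CWE-862 describes as missing.
        if ( ! current_user_can( self::CAP ) ) {
            wp_send_json_error( 'forbidden', 403 ); // wp_send_json_* also exits
        }
        // CSRF check: the request must carry a nonce issued for this action.
        check_ajax_referer( 'view_email_log', 'nonce' );

        $log_id = isset( $_GET['log_id'] ) ? absint( $_GET['log_id'] ) : 0;
        $log    = get_post( $log_id );
        if ( ! $log || 'hypothetical_email_log' !== $log->post_type ) {
            wp_send_json_error( 'not found', 404 );
        }
        wp_send_json_success( $log );
    }
}
```

When reviewing a plugin for this bug class, look for `wp_ajax_nopriv_` registrations and for handlers that read privileged data without a `current_user_can()` call preceding the data access.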