CVE-2025-12887
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-03

Last updated on: 2026-04-08

Assigner: Wordfence

Description
The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handle_gmail_oauth_redirect' function. This makes it possible for authenticated attackers, with subscriber level access and above, to inject invalid or attacker-controlled OAuth credentials. CVE-2025-67563 appears to be a duplicate of this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-03
Last Modified
2026-04-08
Generated
2026-06-16
AI Q&A
2025-12-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12887
EUVD
EUVD-2025-200978
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress post_smtp *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Post SMTP WordPress plugin (up to version 3.6.1) allows authenticated users with subscriber-level access or higher to bypass authorization checks in the 'handle_gmail_oauth_redirect' function. Because the plugin does not properly verify user authorization when updating OAuth tokens, attackers can inject invalid or attacker-controlled OAuth credentials. The issue stems from insufficient input sanitization, missing authorization checks, and lack of CSRF protection in the OAuth token update process. [1]

Impact Analysis

An attacker with at least subscriber-level access could exploit this vulnerability to inject malicious OAuth credentials into the plugin. This could lead to unauthorized access or manipulation of email sending capabilities through the plugin, potentially allowing attackers to send emails on behalf of the site or disrupt email functionality. It may also expose the site to further attacks due to improper authorization and input handling. [1]

Detection Guidance

Detection can involve checking if the Post SMTP WordPress plugin version is 3.6.1 or earlier, as these versions are vulnerable. You can run commands to identify the plugin version installed, for example, by using WP-CLI: `wp plugin list --format=json | jq '.[] | select(.name=="post-smtp") | .version'`. Additionally, monitoring for unauthorized OAuth token update attempts or suspicious OAuth redirect requests in your web server logs may help detect exploitation attempts. However, no specific detection commands are provided in the resources. [1]

Mitigation Strategies

The immediate mitigation step is to update the Post SMTP WordPress plugin to version 3.6.2 or later, which includes fixes for this vulnerability. The update adds proper authorization checks restricting OAuth token updates to users with the 'manage_options' capability, enforces nonce verification to prevent CSRF attacks, and improves input sanitization. Applying this update will prevent unauthorized OAuth token injection by authenticated users with subscriber-level access and above. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12887. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart