[CIVN-2025-0164] Broken Access Control Vulnerability in WordPress Plugin Post SMTP

Published On: August 4, 2025

Broken Access Control Vulnerability in WordPress Plugin Post SMTP 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
WordPress Plugin Post SMTP versions prior to 3.3.0.
Overview
A vulnerability has been reported in WordPress Plugin Post SMTP, which could be exploited by an attacker to obtain sensitive information and bypass security restrictions on the targeted system.
Target Audience:
All organizations and individuals using WordPress Plugin Post SMTP.
Risk Assessment:
High risk of unauthorized access to sensitive data.
Impact Assessment:
Potential for data theft and account takeover.
Description
Post SMTP is a popular WordPress plugin designed to improve the deliverability of emails sent from a WordPress website. It replaces the default WordPress wp_mail() function with an SMTP (Simple Mail Transfer Protocol) connection to send emails more reliably.
This vulnerability exists in the Post SMTP plugin due to a broken access control mechanism in its REST API endpoints.
Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information and bypass security restrictions on the targeted system.
Solution
Apply appropriate updates as mentioned by the Vendor:
https://wordpress.org/plugins/post-smtp/advanced/
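To confirm which sites on a host still need this update, the following added example (not part of the CERT-In advisory or the vendor's code) walks a web root and reports each Post SMTP install whose version is below 3.3.0. It assumes the default wp-content/plugins layout, the plugin directory name post-smtp taken from the vendor URL, and the standard WordPress "Version:" plugin header; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not CERT-In or vendor code): find Post SMTP installs below 3.3.0.
FIXED="3.3.0"   # fixed release named in the advisory

# version_lt A B: succeed when dotted numeric version A is older than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0} y=${y:-0}          # a missing component counts as 0 (3.3 == 3.3.0)
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                          # equal versions are not "older"
}

# plugin_version DIR: print the Version header of the plugin's main PHP file.
plugin_version() {
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        grep -q 'Plugin Name:' "$f" || continue   # only the main file carries this header
        sed -n 's|^[[:space:]*/#@]*Version:[[:space:]]*\([0-9][0-9.]*\).*|\1|p' "$f" | head -n 1
        return 0
    done
    return 1
}

# scan_webroot ROOT: print one status line per Post SMTP install under ROOT.
# Assumes the default wp-content/plugins layout; renamed content dirs are missed.
scan_webroot() {
    find "$1" -type d -path '*/wp-content/plugins/post-smtp' 2>/dev/null |
    while IFS= read -r dir; do
        v=$(plugin_version "$dir") || v=
        if [ -z "$v" ]; then
            echo "UNKNOWN $dir"
        elif version_lt "$v" "$FIXED"; then
            echo "VULNERABLE $v $dir"
        else
            echo "OK $v $dir"
        fi
    done
}

# Run as: sh check_post_smtp.sh /var/www   (script name and path are placeholders)
if [ $# -gt 0 ]; then scan_webroot "$1"; fi
```

Installs reported as UNKNOWN have no readable version header and need a manual check.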
Vendor Information
WordPress
https://wordpress.org/plugins/post-smtp/
References
 
https://www.bleepingcomputer.com/news/security/post-smtp-plugin-flaw-exposes-200k-wordpress-sites-to-hijacking
CVE Name
CVE-2025-24000
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003