CVE-2023-3178

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 62.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Post Smtp MailerWpexperts Post Smtp
Timeline
PublishedJan 16

Description

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5unknown/post_smtp_mailer2.5.02.5.7
NVDwpexperts/post_smtp< 2.5.7

🔴Vulnerability Details

2
CVEList
POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF2024-01-16
GHSA
GHSA-vv37-8w95-rgj3: The POST SMTP Mailer WordPress plugin before 22024-01-16
CVE-2023-3178 (MEDIUM CVSS 4.3) | The POST SMTP Mailer WordPress plug | cvebase.io