CVE-2023-52233
published 2024-06-11
CVE-2023-52233: Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log. This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6.
Priority P348 · critical · 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.37% (28.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpexperts | post_smtp | < 2.8.7 | 2.8.7 |
| wpexperts | post_smtp | <= 2.8.7 | — |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 8.6 HIGH
GHSA
GHSA-6vjr-4r2m-7pgg: Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log
ghsa_unreviewed·2024-06-11
CVE-2023-52233 [HIGH] CWE-862 GHSA-6vjr-4r2m-7pgg: Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log
Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log. This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6.
VulnCheck
wpexperts post_smtp Authorization Bypass Through User-Controlled Key
vulncheck·2023·CVSS 8.6
CVE-2023-6875 [HIGH] wpexperts post_smtp Authorization Bypass Through User-Controlled Key
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover. CVE-2023-52233 appears to be a duplicate of this issue.
Affected: wpexperts post_smtp
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploita
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-06-11
Published