CVE-2025-22800Missing Authorization in Post Smtp

CWE-862Missing Authorization3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 73.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Wpexperts Post SmtpSaad Iqbal Post Smtp
Timeline
PublishedJan 13

Description

Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through <= 2.9.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5saad_iqbal/post_smtp2.9.11
NVDwpexperts/post_smtp< 2.9.12

🔴Vulnerability Details

2
CVEList
WordPress Post SMTP plugin <= 2.9.11 - Broken Access Control vulnerability2025-01-13
GHSA
GHSA-4vrr-rw92-55r5: Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels2025-01-13
CVE-2025-22800 — Missing Authorization in Post Smtp | cvebase