CVE-2023-3178

Published: Jan 16, 2024Modified: Jun 2, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.

Affected (1)

Products: Wpexperts: Post Smtp

Wpexperts

1 product

Post Smtp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpexperts Post Smtp	Before 2.5.7

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://wpscan.com/vulnerability/5341cb5d-d204-49e1-b013-f8959461995f/

Source: contact@wpscan.com

ExploitProductThird Party Advisory

https://wpscan.com/vulnerability/5341cb5d-d204-49e1-b013-f8959461995f/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitProductThird Party Advisory

Timeline

No history available yet.