CVE-2023-3179

Published: Jul 17, 2023Modified: Jun 4, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account).

Affected (1)

Products: Wpexperts: Post Smtp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpexperts Post Smtp	Before 2.5.7

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://wpscan.com/vulnerability/542caa40-b199-4397-90bb-4fdb693ebb24

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/542caa40-b199-4397-90bb-4fdb693ebb24

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.