← Back

CVE-2024-9065

nvd nist
Published: Oct 10, 2024Modified: Jun 17, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: security@wordfence.com (Secondary)

Description

The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient. CVE-2025-24737 is likely a duplicate of this issue.

Affected (1)

1 product
Wp Helper Premium
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Up to 4.6.1

Timeline

No history available yet.