Vulnerabilities > CVE-2023-3179 - Unspecified vulnerability in Wpexperts Post Smtp Mailer

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wpexperts

NVD

Published: 2023-07-17

Updated: 2023-11-07

Summary

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account).

Vulnerable Configurations

Part	Description	Count
Application	Wpexperts Wpexperts Post Smtp Mailer - Wpexperts Post Smtp Mailer 1.8.5 Wpexperts Post Smtp Mailer 1.8.6 Wpexperts Post Smtp Mailer 1.8.7 Wpexperts Post Smtp Mailer 1.8.8 Wpexperts Post Smtp Mailer 1.8.9 Wpexperts Post Smtp Mailer 1.9.0 Wpexperts Post Smtp Mailer 1.9.1 Wpexperts Post Smtp Mailer 1.9.2 Wpexperts Post Smtp Mailer 1.9.3 Wpexperts Post Smtp Mailer 1.9.4 Wpexperts Post Smtp Mailer 1.9.5 Wpexperts Post Smtp Mailer 1.9.6 Wpexperts Post Smtp Mailer 1.9.7 Wpexperts Post Smtp Mailer 1.9.8 Wpexperts Post Smtp Mailer 2.0 Wpexperts Post Smtp Mailer 2.0.1 Wpexperts Post Smtp Mailer 2.0.2 Wpexperts Post Smtp Mailer 2.0.3 Wpexperts Post Smtp Mailer 2.0.4 Wpexperts Post Smtp Mailer 2.0.5 Wpexperts Post Smtp Mailer 2.0.6 Wpexperts Post Smtp Mailer 2.0.7 Wpexperts Post Smtp Mailer 2.0.8 Wpexperts Post Smtp Mailer 2.0.9 Wpexperts Post Smtp Mailer 2.0.10 Wpexperts Post Smtp Mailer 2.0.11 Wpexperts Post Smtp Mailer 2.0.12 Wpexperts Post Smtp Mailer 2.0.13 Wpexperts Post Smtp Mailer 2.0.14 Wpexperts Post Smtp Mailer 2.0.15 Wpexperts Post Smtp Mailer 2.0.16 Wpexperts Post Smtp Mailer 2.0.17 Wpexperts Post Smtp Mailer 2.0.18 Wpexperts Post Smtp Mailer 2.0.19 Wpexperts Post Smtp Mailer 2.0.20 Wpexperts Post Smtp Mailer 2.0.21 Wpexperts Post Smtp Mailer 2.0.22 Wpexperts Post Smtp Mailer 2.0.23 Wpexperts Post Smtp Mailer 2.0.24 Wpexperts Post Smtp Mailer 2.0.25 Wpexperts Post Smtp Mailer 2.0.26 Wpexperts Post Smtp Mailer 2.0.27 Wpexperts Post Smtp Mailer 2.1 Wpexperts Post Smtp Mailer 2.1.1 Wpexperts Post Smtp Mailer 2.1.1.1 Wpexperts Post Smtp Mailer 2.1.2 Wpexperts Post Smtp Mailer 2.1.3 Wpexperts Post Smtp Mailer 2.1.4 Wpexperts Post Smtp Mailer 2.1.4-Beta.1 Wpexperts Post Smtp Mailer 2.1.4-Rc.1 Wpexperts Post Smtp Mailer 2.1.4-Rc.2 Wpexperts Post Smtp Mailer 2.1.5 Wpexperts Post Smtp Mailer 2.1.6 Wpexperts Post Smtp Mailer 2.1.7 Wpexperts Post Smtp Mailer 2.1.8 Wpexperts Post Smtp Mailer 2.1.9 Wpexperts Post Smtp Mailer 2.1.10 Wpexperts Post Smtp Mailer 2.2 Wpexperts Post Smtp Mailer 2.2.1 Wpexperts Post Smtp Mailer 2.2.2 Wpexperts Post Smtp Mailer 2.2.3 Wpexperts Post Smtp Mailer 2.3 Wpexperts Post Smtp Mailer 2.3.1 Wpexperts Post Smtp Mailer 2.3.2 Wpexperts Post Smtp Mailer 2.4 Wpexperts Post Smtp Mailer 2.4.1 Wpexperts Post Smtp Mailer 2.4.2 Wpexperts Post Smtp Mailer 2.4.3 Wpexperts Post Smtp Mailer 2.4.4 Wpexperts Post Smtp Mailer 2.4.5 Wpexperts Post Smtp Mailer 2.4.6 Wpexperts Post Smtp Mailer 2.4.7 Wpexperts Post Smtp Mailer 2.4.8 Wpexperts Post Smtp Mailer 2.4.9 Wpexperts Post Smtp Mailer 2.5 Wpexperts Post Smtp Mailer 2.5.0 Wpexperts Post Smtp Mailer 2.5.1 Wpexperts Post Smtp Mailer 2.5.2 Wpexperts Post Smtp Mailer 2.5.3 Wpexperts Post Smtp Mailer 2.5.4 Wpexperts Post Smtp Mailer 2.5.5 Wpexperts Post Smtp Mailer 2.5.6	101

References

https://wpscan.com/vulnerability/542caa40-b199-4397-90bb-4fdb693ebb24