CVE-2023-6875

This PoC demonstrates an authentication bypass vulnerability in the Post SMTP plugin for WordPress, allowing unauthorized access to email logs and sensitive information via crafted FCM token headers.

This repository contains a functional exploit for CVE-2023-6875, which targets PostSMTP Mailer for unauthorized account takeover. The exploit leverages a vulnerability in the plugin to steal password reset keys and change user passwords.

This Go-based exploit targets a WordPress plugin vulnerability (CVE-2023-6875) by abusing the Post SMTP plugin's API to intercept password reset emails, extract the reset link, and upload a malicious shell. It automates the entire attack chain from token placement to admin login.

This Metasploit module exploits CVE-2023-6875, a privilege escalation vulnerability in the WordPress POST SMTP plugin prior to 2.8.7. It allows an unauthenticated attacker to reset the password of an arbitrary user by leveraging password reset functionality and accessing email logs.