CVE-2023-6875

CRITICAL EXPLOITED NUCLEI

Wordpress POST SMTP Account Takeover

Title source: metasploit

Description

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover. CVE-2023-52233 appears to be a duplicate of this issue.

Exploits (4)

nomisec WORKING POC 25 stars
by UlyssesSaicha · remote
https://github.com/UlyssesSaicha/CVE-2023-6875
nomisec WORKING POC 6 stars
by gbrsh · remote
https://github.com/gbrsh/CVE-2023-6875
nomisec WORKING POC 1 stars
by hatlesswizard · remote
https://github.com/hatlesswizard/CVE-2023-6875
metasploit WORKING POC
by h00die, Ulysses Saicha · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/wp_post_smtp_acct_takeover.rb

Nuclei Templates (1)

WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass
CRITICALVERIFIEDby iamnoooob,rootxharsh,pdresearch
Shodan: http.html:/wp-content/plugins/post-smtp
FOFA: body=/wp-content/plugins/post-smtp

References (4)

Scores

CVSS v3 9.8
EPSS 0.9362
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-01-10
CWE
CWE-639 CWE-862
Status published
Products (2)
saadiqbal/Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App < 2.8.7
wpexperts/post_smtp < 2.8.7
Published Jan 11, 2024
Tracked Since Feb 18, 2026