CVE-2025-11833

Tags: CRITICAL · EXPLOITED · NUCLEI

Post SMTP <3.6.0 - Info Disclosure

Description

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the __construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated attackers to read arbitrary logged emails sent through the Post SMTP plugin, including password reset emails containing password reset links, which can lead to account takeover.

Exploits (3)

github · WRITEUP · 4 stars
by halilkirazkaya · poc
https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2025/CVE-2025-11833.md

nomisec · SCANNER · 1 star
by halilkirazkaya · infoleak
https://github.com/halilkirazkaya/CVE-2025-11833

nomisec · SCANNER
by bocgoInfosec · poc
https://github.com/bocgoInfosec/CVE-2025-11833-PoC

Nuclei Templates (1)

Post SMTP <= 3.6.0 - Email Log Disclosure
CRITICAL · VERIFIED · by Kazgangap
Shodan: http.html:/wp-content/plugins/post-smtp
FOFA: body=/wp-content/plugins/post-smtp

Scores

CVSS v3 9.8
EPSS 0.1617
EPSS Percentile 94.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-11-01
CWE
CWE-862
Status published
Products (2)
saadiqbal/Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App < 3.6.0
saadiqbal/Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App < 3.6.0
Published Nov 01, 2025
Tracked Since Feb 18, 2026