CVE-2023-3179

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-3179

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3179.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-3179

Published

2023-07-17T14:15:10Z

Modified

2025-06-06T03:50:50.123558Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account).

References

https://wpscan.com/vulnerability/542caa40-b199-4397-90bb-4fdb693ebb24

Affected packages

Git / github.com/wpexpertsio/post-smtp

Affected ranges

Type: GIT
Repo: https://github.com/wpexpertsio/post-smtp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8cf2ee9a7e30d97e947a271d9d6c8245f09293fe

Affected versions

2.*

2.0.1

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.0.19

2.0.2

2.0.20

2.0.21

2.0.22

2.0.23

2.0.24

2.0.25

2.0.25-beta.1

2.0.26

2.0.27

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.1

2.1-beta.1

2.1.1

2.1.1.1

2.1.10

2.1.2

2.1.2-beta-1

2.1.2-rc.1

2.1.2-rc.2

2.1.3

2.1.4

2.1.4-beta.1

2.1.4-rc.1

2.1.4-rc.2

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.2

2.2-beta.1

2.2-beta.2

2.2.1

2.2.2

2.2.3

2.3

2.3.1

2.4

2.4-beta.1

2.4.1

2.4.2

2.4.2-beta.2

2.4.3

2.4.4

2.4.5

2.4.6

2.4.7

2.4.8

2.4.9

2.5-beta.1

2.5-rc.1

2.5-rc.2

2.5-rc.3

2.5.0

2.5.1

2.5.2

2.5.3

2.5.4

2.5.5

2.5.6

v.*

v.1.9.0

v.1.9.1

v.1.9.2

v1.*

v1.9.3

v1.9.4

v1.9.5

v1.9.6

v1.9.7

v1.9.8