
Account Takeover Vulnerability Affecting Over 400K Installations Patched in Post SMTP Plugin

The issue affects versions 3.2.0 and below of the Post SMTP plugin and stems from multiple Broken Access Control vulnerabilities in its REST API endpoints.

These endpoints only validated that a user was logged in, not that they had the correct privileges to perform the actions. This lack of validation allowed any registered user, including Subscriber-level users who should have no privileges at all, to perform various actions such as viewing email count statistics, resending emails, and, most dangerously, viewing detailed email logs including the entire email body.

The ability to access this detailed information enables a Subscriber-level user to intercept any email sent by the WordPress website, including password reset emails to any user. With this information, a low-privileged user could take over an Administrator-level account, resulting in a full site takeover.
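The access-control flaw described above, shown as an added example that is not code from the Post SMTP plugin: a hypothetical WordPress REST route whose `permission_callback` only checks for a logged-in session, beside a hardened version that requires a specific capability. The namespace `example-mailer/v1`, the route names and the `example_mailer_get_logs` handler are invented for illustration.

```php
<?php
// Added example, not Post SMTP code. Route names and handler are hypothetical.

// WEAK: is_user_logged_in() passes for any registered account, including
// Subscriber, so every logged-in user can read the stored mail logs.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-mailer/v1', '/logs', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_mailer_get_logs',
        'permission_callback' => function () {
            return is_user_logged_in();
        },
    ) );
} );

// HARDENED: check a capability, not just authentication. 'manage_options'
// is held only by Administrators by default, which matches who should be
// able to read full email bodies. Unauthorized callers get 401/403 via
// rest_authorization_required_code() instead of the log contents.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-mailer/v1', '/logs-secure', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_mailer_get_logs',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! current_user_can( 'manage_options' ) ) {
                return new WP_Error(
                    'rest_forbidden',
                    __( 'You are not allowed to view mail logs.' ),
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
    ) );
} );

// Hypothetical handler: returns stored log entries. The sensitive field is
// the email body, which is why the permission check above matters.
function example_mailer_get_logs( WP_REST_Request $request ) {
    $logs = get_option( 'example_mailer_logs', array() );
    return rest_ensure_response( $logs );
}
```

When auditing a plugin, grep its `register_rest_route` calls and treat any `permission_callback` that returns only `is_user_logged_in()` or `__return_true` on a data-exposing or state-changing route as a finding to verify.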

The vulnerability has been patched in version 3.3.0 and is tracked with CVE-2025-24000.

To read the complete article see: Full Article.

This post is licensed under CC BY 4.0 by the author.