| |
Vulnerability CVE-2023-3179
Published: 2023-07-17
| Description: |
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account). |
Type:
CWE-352 (Cross-Site Request Forgery (CSRF))
References: |
https://wpscan.com/vulnerability/542caa40-b199-4397-90bb-4fdb693ebb24
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
