

Ethical Hacking News

Critical Post SMTP Plugin Flaw Exposes 200K+ Sites to Full Takeover: A Security Breach of Epic Proportions



A critical vulnerability has been discovered in the popular Post SMTP WordPress plugin, which has more than 400,000 active installations; roughly half of them remain unpatched and exposed to full site takeover. The flaw, tracked as CVE-2025-24000, lets any authenticated user with the Subscriber role or higher read the plugin's email logs, because the REST API endpoint that serves them lacks a proper privilege check. Site owners are urged to update to version 3.3.0 immediately.

  • More than 400,000 WordPress sites run the Post SMTP plugin, which carries a critical broken access control vulnerability (CVE-2025-24000) in versions up to and including 3.2.0.
  • The flaw lets authenticated users with the Subscriber role or higher reach the plugin's REST API endpoints without a proper privilege check.
  • The root cause is the get_logs_permission function, which does not verify an administrative capability, so low-privileged users can read the plugin's email logs.
  • Logged emails include password reset messages, which an attacker can use to take over an Administrator account and, with it, the whole site.
  • Nearly half of the affected sites remain unpatched; updating to version 3.3.0 fixes the vulnerability.



    A critical vulnerability in a popular WordPress plugin has left more than 400,000 sites exposed to full takeover. The Post SMTP plugin, by Saad Iqbal of WPExperts, is an email delivery plugin that lets site owners configure custom mailer services and includes features such as email logging, DNS validation, and OAuth support.

    The vulnerability (CVE-2025-24000) affects versions of the plugin up to and including 3.2.0 and allows authenticated users with the Subscriber role or higher to call the plugin's REST API endpoints without a proper privilege check. An attacker can use it to read sensitive emails recorded in the plugin's log, including password reset emails, and then use a reset link to take over an Administrator-level account and, through it, the site.

    The report published by Patchstack highlights the severity of this vulnerability, stating that "the ability to access this detailed information allows a Subscriber-level user to intercept any email sent by the WordPress website, including password reset emails to any user. Using this information, a low-privileged user is able to takeover an Administrator-level account, leading to a full site takeover."

    The root cause is the get_logs_permission function, which serves as the permission check for the log endpoints but does not verify that the caller holds an administrative capability. Any logged-in user, including a Subscriber, therefore passes the check and can read the logged emails.
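    To make the class of bug concrete, here is an added example (not Post SMTP's code, and not taken from the Patchstack report, which the article only quotes) of a WordPress REST route that exposes an email log. The plugin slug example-mailer, the route, the function names and the log table are all assumptions for this illustration; the vulnerable callback assumes the common mistake of treating "logged in" as "authorized", and the fixed callback shows the capability check that closes it.

```php
<?php
/**
 * Added illustration, not Post SMTP's own code. Registers a REST route that
 * returns an email log and shows a permission callback that only checks for
 * a logged-in user beside one that requires an administrative capability.
 * Slug "example-mailer", the route, function names and table are assumed.
 */

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-mailer/v1', '/logs', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_mailer_get_logs',
        // Point this at example_mailer_logs_permission_vulnerable to
        // reproduce the Subscriber-can-read-everything behaviour.
        'permission_callback' => 'example_mailer_logs_permission_fixed',
    ) );
} );

// VULNERABLE pattern: being authenticated is not an authorization decision.
// Every role, including Subscriber, satisfies this check, so any registered
// user (or anyone who can self-register) can read every logged email.
function example_mailer_logs_permission_vulnerable() {
    return is_user_logged_in();
}

// FIXED pattern: require a capability that only administrators hold.
// On a multisite network, use manage_network_options if the log is
// network-wide rather than per site.
function example_mailer_logs_permission_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error(
            'rest_forbidden',
            __( 'You are not allowed to view email logs.', 'example-mailer' ),
            // 401 for anonymous callers, 403 for authenticated but unprivileged ones.
            array( 'status' => rest_authorization_required_code() )
        );
    }
    return true;
}

// The data the permission callback guards. Logged emails are exactly the
// password reset messages an attacker wants, so this handler returns only
// metadata; bodies would need a separate, equally guarded route.
function example_mailer_get_logs( WP_REST_Request $request ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_mailer_log'; // assumed table name
    $rows  = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, to_email, subject, sent_at FROM {$table} ORDER BY id DESC LIMIT %d",
            50
        ),
        ARRAY_A
    );
    return rest_ensure_response( $rows );
}
```

    WordPress has required a permission_callback on every REST route since 5.5, but a callback that returns true for any authenticated user is no better than none: the decision that matters is the capability check, and it has to run on every route that touches the log, not just the one that lists it.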

    As a result, the more than 400,000 sites running Post SMTP are at risk, and download statistics indicate that nearly half of them are still on a vulnerable version.

    Users are urged to update immediately. Version 3.3.0 of the Post SMTP plugin, which fixes this vulnerability, has already been released.
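    For anyone responsible for more than one site, the practical question is which installs are still below 3.3.0. The following is an added example, not from the article or the plugin's tooling: a POSIX shell script with a proper dotted-version comparison (a plain string compare would rank 3.10.x below 3.3.0). The site inventory is constructed; in practice each version would come from wp-cli, for example `wp plugin get post-smtp --field=version --path=/var/www/shop`.

```sh
#!/bin/sh
# Added example, not from the original article. Flags Post SMTP installs
# below the fixed release. The inventory below is constructed; real versions
# would be read with: wp plugin get post-smtp --field=version --path=<site>

FIXED_VERSION="3.3.0"

# version_ge A B: return 0 when dotted numeric version A >= B.
# Compares component by component, so 3.10.1 correctly ranks above 3.3.0.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ -z "$ai" ] && ai=0          # missing trailing component counts as 0
        [ -z "$bi" ] && bi=0
        [ "$ai" -gt "$bi" ] && return 0
        [ "$ai" -lt "$bi" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# Constructed inventory: "site_path version" pairs standing in for wp-cli output.
INVENTORY='/var/www/shop 3.2.0
/var/www/blog 3.3.0
/var/www/docs 3.10.1
/var/www/legacy 2.9.10'

# vulnerable_sites: print the path of every inventory entry below FIXED_VERSION,
# one per line. Uses a here-document rather than a pipe so nothing runs in a
# subshell, which matters if a caller wants to count the results afterwards.
vulnerable_sites() {
    while read -r site ver; do
        [ -z "$site" ] && continue
        if ! version_ge "$ver" "$FIXED_VERSION"; then
            printf '%s\n' "$site"
        fi
    done <<EOF
$INVENTORY
EOF
}

# When run directly: list the sites that still need the update.
for s in $(vulnerable_sites); do
    echo "$s: Post SMTP below $FIXED_VERSION, update to close CVE-2025-24000"
done
```

    Running it prints the two constructed sites on 3.2.0 and 2.9.10 and stays silent for 3.3.0 and 3.10.1. Note that the check only tells you a site is exposed; it says nothing about whether the log has already been read, so a site found vulnerable should also be treated as one where credentials sent by email may have been seen.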

    Site owners and administrators should treat this as a routine but urgent patch: update the plugin, confirm the installed version is 3.3.0 or later, and keep plugins current as a matter of course. Because the plugin's email log is the asset this flaw exposes, it is also worth keeping log retention short and reviewing whether the site needs open registration at all, since the attack requires nothing more than a Subscriber account.

    In short, the Post SMTP flaw is a reminder that a REST endpoint is only as safe as its permission callback. Updating now and keeping plugins current is the simplest defence against this class of broken access control.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Critical-Post-SMTP-Plugin-Flaw-Exposes-200K-Sites-to-Full-Takeover-A-Security-Breach-of-Epic-Proportions-ehn.shtml

  • https://securityaffairs.com/180484/security/critical-wordpress-post-smtp-plugin-flaw-exposes-200k-sites-to-full-takeover.html


  • Published: Mon Jul 28 08:47:31 2025 by llama3.2 3B Q4_K_M
    © Ethical Hacking News . All rights reserved.