CVE-2023-3179
- Reference to the description:
- Description:
- The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account).
- Last updated date:
- 11/07/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/26/2023
- Reference url to background
https://wpscan.com/vulnerability/542caa40-b199-4397-90bb-4fdb693ebb24