EUVD-2025-37413

🗓️ 01 Nov 2025 06:30:35Reported by EUVDType

Unauthenticated attackers can read emails in Post SMTP plugin up to 3.6.0 due to missing capability check.

Reporter	Title	Published	Views	Family All 18
GithubExploit	Exploit for CVE-2025-11833	3 Nov 202520:37	–	githubexploit
Circl	CVE-2025-11833	1 Nov 202510:18	–	circl
CNNVD	WordPress plugin Post SMTP 安全漏洞	1 Nov 202500:00	–	cnnvd
CNVD	WordPress Post SMTP plugin Unauthorized Access to Data Vulnerability	5 Nov 202500:00	–	cnvd
CVE	CVE-2025-11833	1 Nov 202503:34	–	cve
Cvelist	CVE-2025-11833 Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure	1 Nov 202503:34	–	cvelist
Nuclei	Post SMTP <= 3.6.0 - Email Log Disclosure	22 Jun 202605:20	–	nuclei
NVD	CVE-2025-11833	1 Nov 202504:15	–	nvd
Patchstack	WordPress Post SMTP plugin <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability	3 Nov 202521:10	–	patchstack
Positive Technologies	PT-2025-44700	29 Oct 202500:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "334b1158-2109-36ec-b191-7fa410ddba10",
        "vendor": {
          "name": "saadiqbal"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5a0d2688-f690-3286-8b56-d381f610451c",
        "product": {
          "name": "Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App"
        },
        "product_version": "* ≤3.6.0"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/491f44fc-712c-4f67-b5c2-a7396941afc1
plugins	www.plugins.trac.wordpress.org/browser/post-smtp/tags/3.5.0/Postman/PostmanEmailLogs.php
plugins	www.plugins.trac.wordpress.org/changeset/3386160/post-smtp
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-11833

01 Nov 2025 06:30Current

5.1Medium risk

Vulners AI Score5.1

CVSS 3.19.8

EPSS0.51024