PRIOn knowledge base: PRION:CVE-2023-6875
History: Jan 11, 2024 - 9:15 a.m.

Design/Logic Flaw

2024-01-11 09:15:00
PRIOn knowledge base
www.prio-n.com
wordpress
plugin vulnerability
type juggling issue
unauthorized access
data modification
api key reset
site takeover

AI Score: 6.9 Medium (Confidence: Low)

EPSS: 0.033 Low (Percentile: 91.3%)

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.

CPE  Name  Operator  Version
post_smtp_mailer  le  2.8.7
