Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Nuclei
Nucleiadded yesterday19 views

Post SMTP <= 3.6.0 - Email Log Disclosure

Post SMTP WordPress plugin = 3.6.0 contains an unauthorized data access vulnerability caused by missing capability check in construct function, letting unauthenticated attackers read arbitrary logged emails, exploit requires no authentication. id: CVE-2025-11833 info: name: Post SMTP = 3.6.0 -...

9.8CVSS8AI score0.1525EPSS
Exploits1References3
RedhatCVE
RedhatCVEadded 2025/11/02 3:48 a.m.12 views

CVE-2025-11833

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...

9.8CVSS5.5AI score0.1525EPSS
Exploits1References1
NVD
NVDadded 2025/11/01 4:15 a.m.9 views

CVE-2025-11833

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...

9.8CVSS0.1525EPSS
Exploits1References3
Cvelist
Cvelistadded 2025/11/01 3:34 a.m.13 views

CVE-2025-11833 Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...

9.8CVSS0.1525EPSS
Exploits1References3
CVE
CVEadded 2025/11/01 3:34 a.m.64 views

CVE-2025-11833

CVE-2025-11833 affects the WordPress Post SMTP plugin up to and including version 3.6.0, due to a missing capability check in the __construct function. This unauthenticated issue lets attackers read arbitrary logged emails (including password reset emails), enabling potential account takeover and...

9.8CVSS5.2AI score0.1525EPSS
In wildExploits1References3
VulnCheck KEV
VulnCheck KEVadded 2025/11/01 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-11833

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...

9.8CVSS5.9AI score0.1525EPSS
In wildExploits1References5
Rows per page
Query Builder