CVE-2025-12887

The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handlegmailoauthredirect' function. This makes it possible for...

WordPress Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update vulnerability

Missing Authorization to Authenticated Subscriber+ OAuth Token Update vulnerability discovered by type5afe in WordPress Plugin Post SMTP versions = 3.6.1...