CVE-2023-6875

Summary

CVE-2023-6875 is a vulnerability affecting the POST SMTP Mailer plugin for WordPress, versions up to 2.8.7. A type juggling issue on the connect-app REST endpoint allows unauthenticated attackers to gain unauthorized access to data and modify it. Specifically, they can reset the API key, enabling them to view sensitive information such as password reset emails and ultimately leading to site takeover. This vulnerability poses a significant risk and should be addressed promptly by updating to the latest plugin version or implementing alternative security measures.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.