← Back to CVEs
CVE-2023-3178
MEDIUM4.3
Description
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.
CVE Details
CVSS v3.1 Score4.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published1/16/2024
Last Modified6/2/2025
Sourcenvd
Honeypot Sightings0
Affected Products
wpexperts:post_smtp
Weaknesses (CWE)
CWE-352
References
https://wpscan.com/vulnerability/5341cb5d-d204-49e1-b013-f8959461995f/(contact@wpscan.com)
https://wpscan.com/vulnerability/5341cb5d-d204-49e1-b013-f8959461995f/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.