The security issue affects all versions of Post SMTP up to 3.2.0 and is due to a broken access control mechanism in the plugin’s REST API endpoints, which only verified if a user was logged in, without checking their permission level. More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account. A notable 24.2%, corresponding to 96,800 sites, still run Post SMTP versions from the 2.x branch, which is vulnerable to additional security flaws, leaving them open to attacks. Download statistics on WordPress.org show that less than half of the plugin's user base (48.5%) has updated to version 3.3. This means that more than 200,000 websites are vulnerable to CVE-2025-24000. On vulnerable sites, a subscriber could initiate a password reset for an Administrator account, intercept the reset email via the logs, and gain control of the account. Post SMTP is a popular email delivery plugin for WordPress that counts more than 400,000 active installations. This free, editable board report deck helps security leaders present risk, impact, and priorities in clear business terms. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. CISOs know that getting board buy-in starts with a clear, strategic view of how cloud security drives business value. The solution was to incorporate additional privilege checks in the ‘get_logs_permission’ function that would validate a user’s permissions before giving access to sensitive API calls.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 26 Jul 2025 18:05:17 +0000