← volver
CVE-2023-3178

POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF

CVSS 4.3 MEDIUMEPSS 0.3%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
16 ene 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Productos afectados
Unknown · POST SMTP Mailer