CVE-2023-3178

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-3178

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3178.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-3178

Published

2024-01-16T16:15:11Z

Modified

2025-06-06T03:51:53.229353Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability delete arbitrary logs via a CSRF attack.

References

https://wpscan.com/vulnerability/5341cb5d-d204-49e1-b013-f8959461995f/

Affected packages

Git / github.com/wpexpertsio/post-smtp

Affected ranges

Type: GIT
Repo: https://github.com/wpexpertsio/post-smtp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8cf2ee9a7e30d97e947a271d9d6c8245f09293fe

Affected versions

2.*

2.0.1

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.0.19

2.0.2

2.0.20

2.0.21

2.0.22

2.0.23

2.0.24

2.0.25

2.0.25-beta.1

2.0.26

2.0.27

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.1

2.1-beta.1

2.1.1

2.1.1.1

2.1.10

2.1.2

2.1.2-beta-1

2.1.2-rc.1

2.1.2-rc.2

2.1.3

2.1.4

2.1.4-beta.1

2.1.4-rc.1

2.1.4-rc.2

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.2

2.2-beta.1

2.2-beta.2

2.2.1

2.2.2

2.2.3

2.3

2.3.1

2.4

2.4-beta.1

2.4.1

2.4.2

2.4.2-beta.2

2.4.3

2.4.4

2.4.5

2.4.6

2.4.7

2.4.8

2.4.9

2.5-beta.1

2.5-rc.1

2.5-rc.2

2.5-rc.3

2.5.0

2.5.1

2.5.2

2.5.3

2.5.4

2.5.5

2.5.6

v.*

v.1.9.0

v.1.9.1

v.1.9.2

v1.*

v1.9.3

v1.9.4

v1.9.5

v1.9.6

v1.9.7

v1.9.8