More than 200,000 WordPress sites are using a vulnerable version of the Post SMTP plugin, which allows attackers to gain control over the administrator account.
Post SMTP is a popular mail delivery plugin for WordPress, boasting over 400,000 active installations. It is positioned as a replacement for the standard wp_mail() function, offering greater reliability and broader capabilities.
In May 2025, an unnamed cybersecurity researcher reported a vulnerability to WordPress security specialists from the company PatchStack. The issue is currently assigned the identifier CVE-2025-24000 (8.8 on the CVSS scale).
The bug affects all versions of Post SMTP up to 3.2.0 and is related to a malfunctioning access control mechanism in the REST API endpoints. The mechanism only checked if a user was logged in, but did not verify their permission level.
As a result, low-privileged users (such as Subscribers) could gain access to email logs containing full versions of the messages. Even worse, on vulnerable sites, a low-privileged user could initiate a password reset for an administrator account, intercept the password reset email through the logs, and take control of the account.
The plugin developer was informed of the vulnerability on May 26, after which a patch was submitted to PatchStack for review. The solution involved adding additional privilege checks to the get_logs_permission function, which verifies user rights before granting access to sensitive API functions.
As a result, the fix was included in Post SMTP version 3.3.0, which was released on June 11, 2025. However, according to official WordPress.org statistics, less than half of the plugin’s users (48.5%) have upgraded to version 3.3 so far. This means that over 200,000 sites remain vulnerable to CVE-2025-24000.
Experts note that 24.2% of Post SMTP users are still using older 2.x versions, which are also vulnerable to other bugs.
2025.01.29 — Google to disable Sync in older Chrome versions
Google announced that in early 2025, Chrome Sync will be disabled in Chrome versions older than four years. Chrome Sync enables users to save and sync their…
Full article →
2025.01.25 — 18,000 script kiddies have been infected with backdoor via XWorm RAT builder
According to CloudSEK analysts, malefactors attack novice hackers using a fake malware builder. Script kiddies' systems become infected with a backdoor that steals data and subsequently…
Full article →
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.02.10 — Failed attempt to block phishing link results in massive Cloudflare outage
According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare…
Full article →
2025.04.23 — Improper authentication control vulnerability affects ASUS routers with AiCloud
ASUSTeK Computer Inc. fixed an improper authentication control vulnerability in routers with AiCloud. The bug allows remote attackers to perform unauthorized actions on vulnerable devices. The issue…
Full article →
2025.01.27 — YouTube plays hour-long ads to users with ad blockers
Users complain that YouTube plays very long unskippable ads. Sometimes such ads are longer than the video the person is watching. The issue was raised…
Full article →
2025.03.16 — Researchers force DeepSeek to write malware
According to Tenable, the AI chatbot DeepSeek R1 from China can be used to write malware (e.g. keyloggers and ransomware). DeepSeek was released in January 2025 and caused a stir…
Full article →
2025.01.30 — Hackers use vulnerabilities in SimpleHelp RMM to attack corporate networks
Experts believe that recently patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) were used by attackers to gain initial access to corporate networks. A number…
Full article →
2025.04.08 — Website of Everest ransomware group hacked and defaced
Last weekend, the darknet website of the Everest ransomware group was hacked and went offline. The attackers replaced its content with a sarcastic message: "Don't do crime…
Full article →
2025.04.10 — April updates released by Microsoft cause issues with Windows Hello
Microsoft warns that some Windows users who have installed the April updates might be unable to login to their Windows services using Windows Hello facial recognition…
Full article →