PT-2025-11223 · Undefined · Undefined

Published: 2025-03-13 · Updated: 2025-07-28 · CVE-2025-24000

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

**Name of the Vulnerable Software and Affected Versions:**

Post SMTP versions up to 3.2.0

**Description:**

A broken access control vulnerability allows low-privileged users to potentially take over administrator accounts and gain full control of WordPress sites. The vulnerability stems from insufficient permission checks within the plugin’s REST API endpoints, which allow users with limited privileges to access sensitive information, such as email logs, and to initiate actions like password resets for administrator accounts. Over 400,000 WordPress sites are estimated to use the affected plugin. More than 200,000 sites remain vulnerable because they have not updated to the patched version.
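The class of flaw described above, shown as an added example that is not Post SMTP's own code: a WordPress REST route that returns email logs, with a permission callback that only confirms the caller is logged in beside one that requires an administrator capability. The namespace `example-mailer/v1`, the route and all `example_*` function names are hypothetical, and the log row is constructed sample data.

```php
<?php
// Hypothetical plugin code: the namespace, route and function names are
// illustrative and are not taken from Post SMTP.

// Weak check: any authenticated account passes, including a Subscriber,
// so the route's data is readable by every logged-in user.
function example_logs_permission_weak() {
    return is_user_logged_in();
}

// Stricter check: require a capability that only administrators hold.
function example_logs_permission_strict() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to read email logs.',
            array( 'status' => rest_authorization_required_code() )
        );
    }
    return true;
}

// Route handler. The row below is constructed sample data standing in for
// stored email logs, which can include password reset messages.
function example_get_email_logs( WP_REST_Request $request ) {
    $logs = array(
        array( 'id' => 1, 'to' => 'admin@example.test', 'subject' => 'Password Reset' ),
    );
    return rest_ensure_response( $logs );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-mailer/v1', '/logs', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_get_email_logs',
        // Registering example_logs_permission_weak here instead would
        // reproduce the insufficient permission check.
        'permission_callback' => 'example_logs_permission_strict',
    ) );
} );
```

When auditing a plugin for this pattern, review every `register_rest_route` call and confirm that its `permission_callback` checks a capability appropriate to the data the route returns or the action it performs.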

**Recommendations:**

Update to Post SMTP version 3.3.0 or later.

Related Identifiers

CVE-2025-24000

Affected Products

Undefined