CVE-2023-3179

Name of the Vulnerable Software and Affected Versions POST SMTP Mailer WordPress plugin versions prior to 2.5.7

Description The issue concerns a lack of proper CSRF checks in some AJAX actions within the plugin. This could allow attackers to make logged-in users with the manage postman smtp capability resend an email to an arbitrary address. For example, a password reset email could be resent to an attacker-controlled email, potentially allowing them to take over an account.

Recommendations For versions prior to 2.5.7, update to version 2.5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions that lack proper CSRF checks to minimize the risk of exploitation.