PT-2025-29716 · WordPress · The Ultimate Wp Mail

Author: Kenneth Dunn
Published: 2025-07-16
Updated: 2025-08-02

CVE-2025-6993
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: The Ultimate WP Mail versions 1.0.17 through 1.3.6

Description: The plugin is susceptible to privilege escalation due to insufficient authorization within the get_email_log_details() AJAX handler. The handler retrieves email log post content, including password-reset links, based on the post_id supplied by the client. It relies solely on the edit_posts capability for access without validating ownership, allowing authenticated attackers with Contributor-level access or higher to obtain administrator reset links and elevate their privileges.

Recommendations: The Ultimate WP Mail versions 1.0.17 through 1.3.6: Update to a version beyond 1.3.6.
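The following is an added illustration of the weakness class described above, not the plugin's own code: a hypothetical WordPress AJAX handler that returns the content of an email-log post by client-supplied post_id, shown first with a bare edit_posts capability check and then with authorization scoped to the request. The post type name ultimate_wp_mail_log, the nonce action ultimate_wp_mail_log_nonce and the function names are assumptions; the WordPress API calls (check_ajax_referer, current_user_can, get_post, wp_send_json_*) are real.

```php
<?php
// Added example (hypothetical, not the plugin's code). Assumed post type and
// nonce action names are placeholders chosen for the illustration.

// WEAK: any user holding edit_posts (Contributor and above) passes this check,
// regardless of which post they ask for, so any email log, including one that
// carries an administrator's password-reset link, can be read.
function weak_get_email_log_details() {
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;

    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $post = get_post( $post_id );
    wp_send_json_success( array( 'content' => $post ? $post->post_content : '' ) );
}

// HARDENED: verify the request origin, restrict the handler to the expected
// post type, and require a capability appropriate for data that can include
// reset links for other accounts.
function hardened_get_email_log_details() {
    // The nonce ties the request to a page the user actually loaded.
    check_ajax_referer( 'ultimate_wp_mail_log_nonce', 'nonce' );

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $post    = $post_id ? get_post( $post_id ) : null;

    // Refuse anything that is not an email-log entry (assumed post type), so the
    // endpoint cannot be used as a generic reader of arbitrary post content.
    if ( ! $post || 'ultimate_wp_mail_log' !== $post->post_type ) {
        wp_send_json_error( 'not found', 404 );
    }

    // Email logs are sensitive site-wide data; gate them behind an
    // administrator capability rather than the broad edit_posts capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    wp_send_json_success( array( 'content' => $post->post_content ) );
}

// Only the hardened handler is registered; the weak one is shown for contrast.
add_action( 'wp_ajax_get_email_log_details', 'hardened_get_email_log_details' );
```

If a design genuinely needs per-user access to individual log entries, the check should be a meta capability evaluated against the specific post, for example current_user_can( 'edit_post', $post->ID ), which for a Contributor only succeeds on posts that user authored; a role-wide capability such as edit_posts says nothing about the particular object being requested, which is exactly the gap the advisory describes.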

Fix

LPE

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2025-6993

Affected Products: The Ultimate Wp Mail