PT-2026-36568 · WordPress · Wp Mail Gateway

Nabil Irawan · Published 2026-05-02 · Updated 2026-05-14 · CVE-2026-6963

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WP Mail Gateway versions prior to 1.9

Description: The plugin is subject to unauthorized access because of a missing capability check on the 'wmg save provider config' AJAX action. Authenticated attackers with Subscriber-level access or higher can update SMTP settings and redirect mail. This can lead to privilege escalation by triggering a password reset email to gain access to an administrator account.

Recommendations: Update the plugin to a version later than 1.8. As a temporary workaround, restrict access to the 'wmg save provider config' AJAX action to authorized users only.
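
One way to apply the temporary workaround until the update is installed, as an added example (not the plugin's code or the vendor's fix): a must-use plugin dropped into wp-content/mu-plugins/ that runs ahead of the vulnerable handler and rejects callers who lack an administrative capability. The action name constant is a placeholder and the required capability (`manage_options`) is an assumption; the function and constant names are hypothetical.

```php
<?php
/**
 * Plugin Name: WMG provider-config guard (added example, temporary workaround)
 */

// ASSUMPTION / PLACEHOLDER: the advisory prints the action as
// 'wmg save provider config'. Set this to the exact string the plugin
// registers with add_action( 'wp_ajax_...' ), taken from the plugin source.
const WMG_GUARD_ACTION = 'REPLACE_WITH_EXACT_ACTION_NAME';

// ASSUMPTION: only site administrators should be able to change mail settings.
const WMG_GUARD_CAPABILITY = 'manage_options';

/**
 * Stops the request before the plugin's own handler runs when the caller
 * does not hold the required capability. Authorized callers fall through.
 */
function wmg_guard_block_unauthorized() {
    if ( current_user_can( WMG_GUARD_CAPABILITY ) ) {
        return;
    }

    // Leave a trace for incident review: who tried, and from where.
    error_log( sprintf(
        'wmg-guard: blocked AJAX action "%s" for user id %d from %s',
        WMG_GUARD_ACTION,
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );

    // Sends a JSON error with HTTP 403 and terminates the request.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

// PHP_INT_MIN priority makes the guard run before any handler the plugin
// attached to the same hook (handlers default to priority 10).
add_action( 'wp_ajax_' . WMG_GUARD_ACTION, 'wmg_guard_block_unauthorized', PHP_INT_MIN );

// Also cover the unauthenticated hook in case the plugin registers one.
add_action( 'wp_ajax_nopriv_' . WMG_GUARD_ACTION, 'wmg_guard_block_unauthorized', PHP_INT_MIN );
```

Because SMTP settings may already have been changed on an exposed site, review the stored provider configuration after deploying the guard, and remove the guard once the plugin is updated.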

Fix

LPE

Missing Authorization


Weakness Enumeration

Related Identifiers

CVE-2026-6963

Affected Products

Wp Mail Gateway