CVSS Score of 10 (low)


Published Jan 16, 2024
Updated: Jan 22, 2024
CWE ID 352


CVE-2023-3178 affects the POST SMTP Mailer WordPress plugin in versions before 2.5.7. The plugin lacks proper Cross-Site Request Forgery (CSRF) checks in certain AJAX actions, which could allow an attacker to use a CSRF attack to make a logged-in user with the manage_postman_smtp capability delete arbitrary logs. The vulnerability has a base severity rating of MEDIUM and a CVSS score of 4.3. To remediate it, update the plugin to version 2.5.7 or later. Organizations running affected versions should be aware of the risk of unauthorized log manipulation and remediate promptly.
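The general pattern behind this class of bug, as an added example that is not the plugin's code: a WordPress AJAX handler that checks only the capability, next to one that also verifies a nonce. The action names, the nonce action, the `security` field and `example_remove_log_rows()` are hypothetical.

```php
<?php
// Added illustration, not code from POST SMTP Mailer. The action names, the
// nonce action, the 'security' field and example_remove_log_rows() are
// hypothetical.

// Hypothetical stand-in for the plugin's log storage layer.
function example_remove_log_rows( array $ids ) {
    return count( $ids ); // pretend every requested row was deleted
}

// Weak: capability check only. The browser attaches the administrator's
// session cookie to a forged cross-site POST, so current_user_can() passes
// even though the user never intended to send the request.
add_action( 'wp_ajax_example_delete_logs_weak', function () {
    if ( ! current_user_can( 'manage_postman_smtp' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $ids = array_map( 'absint', (array) ( $_POST['ids'] ?? array() ) );
    wp_send_json_success( example_remove_log_rows( $ids ) );
} );

// Hardened: require a nonce bound to this user, session and action before
// doing anything else. The admin page that sends the request obtains it with
// wp_create_nonce( 'example_delete_logs' ) and posts it as 'security'.
add_action( 'wp_ajax_example_delete_logs', function () {
    // Third argument false: return false instead of dying, so the handler
    // picks the response itself.
    if ( ! check_ajax_referer( 'example_delete_logs', 'security', false ) ) {
        wp_send_json_error( 'invalid nonce', 403 );
    }
    if ( ! current_user_can( 'manage_postman_smtp' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $ids = array_map( 'absint', (array) wp_unslash( $_POST['ids'] ?? array() ) );
    wp_send_json_success( example_remove_log_rows( $ids ) );
} );
```

When reviewing a plugin, every state-changing `wp_ajax_*` handler should show both checks; the capability check alone does not establish that the request came from the plugin's own admin page.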

