CVE-2023-6875

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 11, 2024
Updated: Jan 18, 2024
CWE ID 862

Summary

CVE-2023-6875 is a vulnerability found in the POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress. This vulnerability allows unauthorized access and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. As a result, attackers without authentication can reset the API key used for authentication and view logs, including password reset emails, potentially leading to a complete takeover of the affected website. The vulnerability has a base severity rating of CRITICAL with a base score of 9.8 according to the CVSS:3.1 score system, indicating its high potential impact on integrity and confidentiality. It affects multiple products and can be remediated by updating the plugin to a version that addresses this vulnerability.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-6875 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options